CVE-2019-12735

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
9.3
HIGH
Affected
3
PROJECTS

Description

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

vim/vim
vim/vim
The official Vim repository
GitHubGitHub
40.5K
neovim/neovim
neovim/neovim
Vim-fork focused on extensibility and usability
GitHubGitHub
100K
numirias/security
numirias/security
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
GitHubGitHub
867