getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
References
Configurations
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-06-05 14:29
Updated : 2024-02-28 17:08
NVD link : CVE-2019-12735
Mitre link : CVE-2019-12735
CVE.ORG link : CVE-2019-12735
JSON object : View
Products Affected
neovim
- neovim
vim
- vim
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')