CVE-2016-1248 - log back

CVE-2016-1248 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary command execution
Description
+ A vulnerability has been discovered in vim which would allow arbitrary shell commands to be run if a user opened a file with a malicious modeline. This is due to lack of validation of values for a few options. Those options' values are then used in vim's scripts to build a command string that's evaluated by execute, which is what allows the shell commands to be run.
+
+ This has been fixed in Vim by patch 8.0.0056. Since Neovim shares this code, it is also vulnerable.
References
+ https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
+ https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
Notes