---

CVE-2016-1248 - log back

CVE-2016-1248 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Local
Type	+ Arbitrary command execution
Description	+ A vulnerability has been discovered in vim which would allow arbitrary shell commands to be run if a user opened a file with a malicious modeline. This is due to lack of validation of values for a few options. Those options' values are then used in vim's scripts to build a command string that's evaluated by execute, which is what allows the shell commands to be run. + + This has been fixed in Vim by patch 8.0.0056. Since Neovim shares this code, it is also vulnerable.
References	+ https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a + https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
Notes