CVE-2019-12735

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-979 | neovim | 0.3.5-1 | 0.3.6-1 | High | Fixed | |
| AVG-976 | gvim | 8.1.1186-1 | 8.1.1467-1 | High | Fixed | |
| AVG-975 | vim | 8.1.1186-1 | 8.1.1467-1 | High | Fixed | |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 11 Jun 2019 | ASA-201906-9 | AVG-976 | gvim | High | arbitrary code execution |
| 11 Jun 2019 | ASA-201906-8 | AVG-975 | vim | High | arbitrary code execution |
References
https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040