CVE-2019-12735 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-979 | neovim | 0.3.5-1 | 0.3.6-1 | High | Fixed | |
| AVG-976 | gvim | 8.1.1186-1 | 8.1.1467-1 | High | Fixed | |
| AVG-975 | vim | 8.1.1186-1 | 8.1.1467-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 11 Jun 2019 | ASA-201906-9 | AVG-976 | gvim | High | arbitrary code execution |
| 11 Jun 2019 | ASA-201906-8 | AVG-975 | vim | High | arbitrary code execution |
| References |
|---|
https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040 |