
exploitDog


CVE-2019-12735

Published: 05 Jun 2019
Source: debian
EPSS: Medium

Description

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| vim | fixed | 2:8.1.0875-4 | | package |
| neovim | fixed | 0.3.4-3 | | package |

Notes

  • https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md

  • vim patches: https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040

  • neovim pull request: https://github.com/neovim/neovim/pull/10082

EPSS

Percentile: 98%
0.56629
Medium

Related vulnerabilities

CVSS3: 8.6
ubuntu
more than 6 years ago

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

CVSS3: 5.3
redhat
more than 6 years ago

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

CVSS3: 8.6
nvd
more than 6 years ago

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

CVSS3: 8.6
msrc
almost 5 years ago

No description available

suse-cvrf
about 6 years ago

Security update for neovim
