Описание
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | released | 0.3.1-1ubuntu0.1 |
| devel | not-affected | 0.3.4-2 |
| disco | released | 0.3.4-1ubuntu0.19.04.1 |
| eoan | not-affected | 0.3.4-2 |
| esm-apps/bionic | released | 0.2.2-3ubuntu0.1~esm1 |
| esm-apps/focal | not-affected | 0.3.4-2 |
| esm-apps/jammy | not-affected | 0.3.4-2 |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 0.3.4-2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2:8.0.1453-1ubuntu1.1 |
| cosmic | released | 2:8.0.1766-1ubuntu1.1 |
| devel | released | 2:8.1.0875-4ubuntu1 |
| disco | released | 2:8.1.0320-1ubuntu3.1 |
| eoan | released | 2:8.1.0875-4ubuntu1 |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/bionic | released | 2:8.0.1453-1ubuntu1.1 |
| esm-infra/focal | released | 2:8.1.0875-4ubuntu1 |
| esm-infra/xenial | released | 2:7.4.1689-3ubuntu1.3 |
| focal | released | 2:8.1.0875-4ubuntu1 |
Показывать по
EPSS
9.3 Critical
CVSS2
8.6 High
CVSS3
Связанные уязвимости
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote ...
EPSS
9.3 Critical
CVSS2
8.6 High
CVSS3