Описание
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the scp:// protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | pending | |
| esm-infra-legacy/trusty | released | 2:7.4.052-1ubuntu3.1+esm23 |
| esm-infra/bionic | released | 2:8.0.1453-1ubuntu1.13+esm14 |
| esm-infra/focal | released | 2:8.1.2269-1ubuntu5.32+esm2 |
| esm-infra/xenial | released | 2:7.4.1689-3ubuntu1.5+esm29 |
| jammy | released | 2:8.2.3995-1ubuntu2.26 |
| noble | released | 2:9.1.0016-1ubuntu7.10 |
| questing | released | 2:9.1.0967-1ubuntu6.1 |
| upstream | released | 9.2.0073 |
Показывать по
Ссылки на источники
EPSS
4.4 Medium
CVSS3
Связанные уязвимости
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
Vim is an open source, command line text editor. Prior to version 9.2. ...
Уязвимость текстового редактора vim, связанная с непринятием мер по нейтрализации специальных элементов, позволяющая нарушителю выполнить произвольные команды
EPSS
4.4 Medium
CVSS3