Opened 107 minutes ago
Last modified 72 minutes ago
#5877 assigned enhancement
vim-9.2.0078 (Security update)
| Reported by: | Bruce Dubbs | Owned by: | zeckma |
|---|---|---|---|
| Priority: | normal | Milestone: | 13.1 |
| Component: | Book | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
# Summary
An OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using thescp:// protocol handler), an attacker can execute arbitrary shell commands with the privileges
of the Vim process.
Change History (2)
comment:1 by , 83 minutes ago
comment:2 by , 72 minutes ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Ensure that commit was pushed in LFS. I'll handle the SA.
Note:
See TracTickets
for help on using tickets.
Fixed at commit 87c5aa4fed.
Leaving open for sa