CVE-2018-11319

Name of the Vulnerable Software and Affected Versions Syntastic (aka vim-syntastic) versions prior to 3.9.0

Description The issue arises from improper handling of searches for configuration files, where the search spans from the current directory up to potentially the root. This could potentially be exploited for arbitrary code execution via a malicious gcc plugin, provided an attacker has write access to a directory that is a parent of the project's base directory. It's noted that exploitation becomes more challenging after version 3.8.0, as it may require filename prediction.

Recommendations For versions prior to 3.9.0, update to version 3.9.0 or later to resolve the issue.