PT-2019-3260 · Vim+6
Arminius
Published: 2016-11-22 · Updated: 2026-02-27
CVE-2019-12735
CVSS v2.0: 9.3 (High)
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Vim versions prior to 8.1.1365
Neovim versions prior to 0.3.6
Description
The issue is related to the lack of filtering in the `:source!` command in a modeline, which allows remote attackers to execute arbitrary OS commands. This can lead to unauthorized access to confidential data, disruption of data integrity, and denial of service. The problem occurs when the modeline mode is enabled, which is on by default and allows setting editing options within a file.
Recommendations
For Vim versions prior to 8.1.1365, update to version 8.1.1365 or later to resolve the issue.
For Neovim versions prior to 0.3.6, update to version 0.3.6 or later to resolve the issue.
As a temporary workaround, consider disabling the modeline mode by setting `:set nomodeline` until a patch is available.
Exploit
Fix
RCE
OS Command Injection
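
To check a host against the fixed versions listed under Recommendations, the following added example (not part of the original advisory, nor code from the Vim or Neovim projects) classifies the output of `vim --version` or `nvim --version`. The function names are hypothetical, and the banner and `Included patches:` line formats it matches are assumed to be the ones the editors normally print.

```python
import re
import shutil
import subprocess

VIM_FIX = (8, 1, 1365)   # fixed Vim version named in the advisory
NVIM_FIX = (0, 3, 6)     # fixed Neovim version named in the advisory

# Constructed sample banner (not captured from a real host).
SAMPLE = "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-1364\n"


def _patch_included(banner, number):
    """True if `number` falls in a range on Vim's 'Included patches:' line."""
    line = re.search(r"Included patches:([\d, -]+)", banner)
    if not line:
        return False
    for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", line.group(1)):
        if int(lo) <= number <= int(hi or lo):
            return True
    return False


def assess(banner):
    """Classify version output as 'vulnerable', 'fixed' or 'unknown'."""
    nvim = re.search(r"NVIM v(\d+)\.(\d+)\.(\d+)", banner)
    if nvim:
        version = tuple(int(x) for x in nvim.groups())
        return "fixed" if version >= NVIM_FIX else "vulnerable"
    vim = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", banner)
    if not vim:
        return "unknown"
    release = (int(vim.group(1)), int(vim.group(2)))
    if release != VIM_FIX[:2]:
        # Other release lines: only the release number can be compared.
        return "fixed" if release > VIM_FIX[:2] else "vulnerable"
    # Same release line: the patch list may have gaps, so test membership.
    return "fixed" if _patch_included(banner, VIM_FIX[2]) else "vulnerable"


if __name__ == "__main__":
    print("sample:", assess(SAMPLE))
    for editor in ("vim", "nvim"):
        if shutil.which(editor):
            out = subprocess.run([editor, "--version"], capture_output=True,
                                 text=True, check=False).stdout
            print(editor, assess(out))
```

A distribution package that backports the fix without changing the reported version or patch list will still be classified as vulnerable here, so confirm the result against the vendor's own advisory.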
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
Centos
Neovim
Red Hat
Suse
Ubuntu
Vim