Nanhang

**Name of the Vulnerable Software and Affected Versions** Neovim versions prior to 0.12.3 **Description** A flaw in the View Branch component allows for command injection via the local host. The issue exists within the `M.read()` function located in the `runtime/lua/vim/secure.lua` file, where manipulating the `path` argument can lead to arbitrary command execution. **Recommendations** Apply patch f83e0dcaf8cf18de94828341b0a1a61a86c75baf to remediate the issue. As a temporary workaround, restrict or avoid the use of the `M.read()` function in `runtime/lua/vim/secure.lua` when handling untrusted `path` arguments.