Download
| Alert*
|
oval:org.secpod.oval:def:705004
neovim is installed oval:org.secpod.oval:def:55330 getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. oval:org.secpod.oval:def:705011 neovim: heavily refactored vim fork Neovim could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1902050 Modelines allow arbitrary code execution by opening a specially crafted text file oval:org.secpod.oval:def:604462 User Arminius discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi , which also affected the Neovim fork, an extensible editor focused on modern code and features: Editors typically provide a way to embed editor configuration commands which are executed once a file ... |
