CVE-2019-20807
MEDIUM | Platform: macOS
CVE Details
Description
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 5.3 (MEDIUM) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Weakness
References
- Apple Security Advisory
- NVD Entry
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2020/Jul/24 (Mailing List, Third Party Advisory)
- https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 (Patch, Third Party Advisory)
- https://github.com/vim/vim/releases/tag/v8.1.0881 (Release Notes, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html (Mailing List, Third Party Advisory)
- https://usn.ubuntu.com/4582-1/ (Mailing List, Third Party Advisory)
- https://www.starwindsoftware.com/security/sw-20220812-0003/ (Third Party Advisory)