CVE-2019-12735
CVE-2019-12735
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Productos afectados
n/a · n/aPoCs públicas encontradas — 6
githubgithub.com/pcy190/ace-vim-neovim★ 9githubgithub.com/oldthree3/CVE-2019-12735-VIM-NEOVIM★ 2githubgithub.com/nickylimjj/cve-2019-12735★ 1githubgithub.com/datntsec/CVE-2019-12735★ 0githubgithub.com/st9007a/CVE-2019-12735★ 0cve_referencewww.exploit-db.com/exploits/46973no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.htmlhttps://access.redhat.com/errata/RHSA-2019:1619https://access.redhat.com/errata/RHSA-2019:1774https://access.redhat.com/errata/RHSA-2019:1793https://access.redhat.com/errata/RHSA-2019:1947https://bugs.debian.org/930020https://bugs.debian.org/930024