VDB

DEBIAN-CVE-2019-12735

DEBIAN-CVE-2019-12735 PUBLISHED CVSS 8.600000381469727 HIGH

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Risk Scores

CVSS 3.0
8.600000381469727
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:13vim0, 0, 0
Debian:11vim0, 0, 0
Debian:13neovim0, 0, 0
Debian:12neovim0, 0, 0
Debian:14neovim0, 0, 0
Debian:14vim0, 0, 0
Debian:11neovim0, 0, 0
Debian:12vim0, 0, 0

Timeline

  • Jun 5, 2019 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›