VDB

GCVE-110-MAGEIA-2020-82

GCVE-110-MAGEIA-2020-82
Advisory Published
Vulnetix · Advisory published February 13, 2020
Updated vim and neovim package fixes security vulnerability: It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the `:source!` command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to inject arbitrary commands when a specially crafted file is opened (CVE-2019-12735).

Affected Products

VendorProductVersionsPlatforms
Mageianeovim0.3.7-1.mga7 (unaffected), 0 (affected), 0 (affected), 0.3.7-1.mga7 (unaffected)
Mageiavim8.1.1048-1.1.mga7 (unaffected), 0 (affected), 0 (affected), 8.1.1048-1.1.mga7 (unaffected)
Mageiaflash-player-plugin0 (affected), 32.0.0.344-1.mga7.nonfree (unaffected)

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›