Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NVim
APPVim< 9.2.0073
Related vulnerabilities
Vim: command injection przez %{expr} w tabpanel umożliwia RCE
Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the ope...
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
Heap-based Buffer Overflow in vim/vim prior to 8.2.
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it d...