CVE-2019-12735 -- neovim, vim
|ID: oval:org.secpod.oval:def:55330||Date: (C)2019-06-11 (M)2019-07-22|
|Class: VULNERABILITY||Family: unix|
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.