Oracle Linux: CVE-2019-20807: ELSA-2020-4453: vim security update (MODERATE) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:L/AC:L/Au:S/C:P/I:P/A:P) | 2020-02-08 | 2020-11-12 | 2024-12-14 |
Description
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
A flaw was found in Vim's restricted mode, in which all commands that make use of external shells are disabled. However, users could still execute some arbitrary OS commands in restricted mode. The flaw was fixed by filtering the functions that can call OS commands. Interfaces such as Python, Ruby, and Lua are also disabled, as they can be used to execute shell commands. Perl uses the Safe module.
Solution(s)
- oracle-linux-upgrade-vim-common
- oracle-linux-upgrade-vim-enhanced
- oracle-linux-upgrade-vim-filesystem
- oracle-linux-upgrade-vim-minimal
- oracle-linux-upgrade-vim-x11
