CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
67.9%
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) “D” (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | vim | < 2:7.2.148-1 | vim_2:7.2.148-1_all.deb |
Debian | 11 | all | vim | < 2:7.2.148-1 | vim_2:7.2.148-1_all.deb |
Debian | 999 | all | vim | < 2:7.2.148-1 | vim_2:7.2.148-1_all.deb |
Debian | 13 | all | vim | < 2:7.2.148-1 | vim_2:7.2.148-1_all.deb |