3 matches found
vim: command injection when decompressing .tgz archives
A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...
vim: Fix of CVE-2026-46483
CVE-2026-46483: fix command injection in the tar plugin's tarVimuntar function by using the correct shellescapetartail, 1 form so that a crafted .tgz filename cannot trigger cmdline-special expansion in the :! command...
Vim 操作系统命令注入漏洞
Vim is an open-source, cross-platform text editor developed by Vim. Prior to Vim 9.2.0479, there was a vulnerability related to operating system command injection. This vulnerability stemmed from the use of the shellescape tartail for constructing commands when the tarVimuntar function decompress...