CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
67.9%
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted
attackers to execute arbitrary commands via shell metacharacters in a
filename used by the (1) “D” (delete) command or (2) b:netrw_curdir
variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.
Author | Note |
---|---|
mdeslaur | This was patched in vim from usn-712-1 |