diff options
| author | zeertzjq <zeertzjq@outlook.com> | 2026-03-02 09:14:42 +0800 |
|---|---|---|
| committer | zeertzjq <zeertzjq@outlook.com> | 2026-04-23 12:51:11 +0800 |
| commit | ab41543f8e35f1345db5c4698f291c9b07980f9c (patch) | |
| tree | d608dbbe436906d4b3446baf96e499edd4c05444 /test/functional/vimscript/executable_spec.lua | |
| parent | 84cafb9c97fa4678b45acdc56c8b2f95231fc3e7 (diff) | |
vim-patch:9.2.0073: [security]: possible command injection using netrw
Problem: [security]: Insufficient validation of hostname and port in
netrw URIs allows command injection via shell metacharacters
(ehdgks0627, un3xploitable).
Solution: Implement stricter RFC1123 hostname and IP validation.
Use shellescape() for the provided hostname and port.
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336
https://github.com/vim/vim/commit/79348dbbc09332130f4c86045e1541d68514fcc1
Co-authored-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'test/functional/vimscript/executable_spec.lua')
0 files changed, 0 insertions, 0 deletions
