summaryrefslogtreecommitdiffstatshomepage
path: root/test/functional/vimscript/executable_spec.lua
diff options
context:
space:
mode:
authorzeertzjq <zeertzjq@outlook.com>2026-03-02 09:14:42 +0800
committerzeertzjq <zeertzjq@outlook.com>2026-04-23 12:51:11 +0800
commitab41543f8e35f1345db5c4698f291c9b07980f9c (patch)
treed608dbbe436906d4b3446baf96e499edd4c05444 /test/functional/vimscript/executable_spec.lua
parent84cafb9c97fa4678b45acdc56c8b2f95231fc3e7 (diff)
vim-patch:9.2.0073: [security]: possible command injection using netrw
Problem: [security]: Insufficient validation of hostname and port in netrw URIs allows command injection via shell metacharacters (ehdgks0627, un3xploitable). Solution: Implement stricter RFC1123 hostname and IP validation. Use shellescape() for the provided hostname and port. Github Advisory: https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336 https://github.com/vim/vim/commit/79348dbbc09332130f4c86045e1541d68514fcc1 Co-authored-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'test/functional/vimscript/executable_spec.lua')
0 files changed, 0 insertions, 0 deletions