Linux users, beware! If you haven’t recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim—two most popular and powerful […]
Welcome to Vim Sh*tty 2000 Proof-of-concept text files are now available that, when opened in a vulnerable installation of the Vim and Neovim, will execute commands on the underlying machine, or even open a backdoor.… The Register – Security