diff options
| author | zeertzjq <zeertzjq@outlook.com> | 2025-03-03 06:59:54 +0800 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-02 22:59:54 +0000 | 
| commit | 560b8a8ce0f89e72b73c2a625f2ff6ad923c8183 (patch) | |
| tree | 8b5360db774f117051f8ab8fe12418937e886bda /test/functional/api/server_requests_spec.lua | |
| parent | c4a0c1d3b02761626ffced32fe74b0df5b665a5f (diff) | |
| download | rneovim-560b8a8ce0f89e72b73c2a625f2ff6ad923c8183.tar.gz rneovim-560b8a8ce0f89e72b73c2a625f2ff6ad923c8183.tar.bz2 rneovim-560b8a8ce0f89e72b73c2a625f2ff6ad923c8183.zip | |
vim-patch:9.1.1164: [security]: code execution with tar.vim and special crafted tar files (#32701)
Problem:  editing a special crafted tar file allows code execution
          (RyotaK, after 129a8446d23cd9cb4445fcfea259cba5e0487d29)
Solution: escape the filename before feeding it to the `:read` command
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3
https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399
Co-authored-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'test/functional/api/server_requests_spec.lua')
0 files changed, 0 insertions, 0 deletions
