CVE-2019-20807 – vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode

https://notcve.org/view.php?id=CVE-2019-20807

28 May 2020 — In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). En Vim versiones anteriores a 8.1.0881, los usuarios pueden omitir el modo restringido rvim y ejecutar comandos arbitrarios de Sistema Operativo por medio de interfaces de scripting (por ejemplo, Python, Ruby o Lua). A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found ... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •