Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2019-20807

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

Published: May 28, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-20807
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
vim / vim	-	8.1.0881
debian / debian_linux	9.0	9.0.x
opensuse / leap	15.1	15.1.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	16.04	16.04.x
apple / mac_os_x	10.13.6	10.13.6.x
apple / mac_os_x	10.14.6	10.14.6.x
starwindsoftware / command_center	2-build_6003	2-build_6003.x
starwindsoftware / san_&_nas	1.0-update_1	1.0-update_1.x