CVE-2019-20807
Description
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
Exploitation Probability
0.206
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-20807 are affected in Vim 8.1.0022 | Windows |
| Multiple vulnerabilities are fixed in MacOS Catalina 10.15.6 | Mac |
| Multiple vulnerabilities are fixed in macOS Catalina 10.15.6 Combo Update | Mac |
| SUSE-SU-2020:1550-1(SUSE Linux Enterprise Server 12-SP4 ) gvim-7.4.326-17.6.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1550-1(SUSE Linux Enterprise Server 12-SP4 ) gvim-debuginfo-7.4.326-17.6.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1550-1(SUSE Linux Enterprise Server 12-SP5 ) gvim-7.4.326-17.6.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1550-1(SUSE Linux Enterprise Server 12-SP4 ) vim-data-7.4.326-17.6.1.noarch.rpm | Linux |
| SUSE-SU-2020:1550-1(SUSE Linux Enterprise Server 12-SP5 ) gvim-debuginfo-7.4.326-17.6.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1550-1(SUSE Linux Enterprise Server 12-SP4 ) vim-debugsource-7.4.326-17.6.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1550-1(SUSE Linux Enterprise Server 12-SP5 ) vim-data-7.4.326-17.6.1.noarch_SP5.rpm | Linux |
| SUSE-SU-2020:1550-1(SUSE Linux Enterprise Server 12-SP5 ) vim-debugsource-7.4.326-17.6.1.x86_64_SP5.rpm | Linux |
| Vi IMproved - enhanced vi editor (USN-4582-1) vim_7.4.1689-3ubuntu1.5_i386.deb | Linux |
| Vi IMproved - enhanced vi editor (USN-4582-1) vim_7.4.1689-3ubuntu1.5_amd64.deb | Linux |
| Vi IMproved - enhanced vi editor (USN-4582-1) vim_8.0.1453-1ubuntu1.4_i386.deb | Linux |
| Vi IMproved - enhanced vi editor (USN-4582-1) vim_8.0.1453-1ubuntu1.4_amd64.deb | Linux |
| (RHSA-2020:4453) vim security update vim-X11-8.0.1763-15.el8.x86_64.rpm | Linux |
| (RHSA-2020:4453) vim security update vim-common-8.0.1763-15.el8.x86_64.rpm | Linux |
| (RHSA-2020:4453) vim security update vim-debugsource-8.0.1763-15.el8.x86_64.rpm | Linux |
| (RHSA-2020:4453) vim security update vim-enhanced-8.0.1763-15.el8.x86_64.rpm | Linux |
| (RHSA-2020:4453) vim security update vim-filesystem-8.0.1763-15.el8.noarch.rpm | Linux |
| (RHSA-2020:4453) vim security update vim-minimal-8.0.1763-15.el8.x86_64.rpm | Linux |
| Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.0.1453-1ubuntu1.7_i386.deb | Linux |
| Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.0.1453-1ubuntu1.7_amd64.deb | Linux |
| Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.1.2269-1ubuntu5.4_i386.deb | Linux |
| Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.1.2269-1ubuntu5.4_amd64.deb | Linux |
| Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.2.2434-1ubuntu1.3_i386.deb | Linux |
| Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.2.2434-1ubuntu1.3_amd64.deb | Linux |
| Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.2.2434-3ubuntu3.1_i386.deb | Linux |
| Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.2.2434-3ubuntu3.1_amd64.deb | Linux |
| Vi IMproved - enhanced vi editor (USN-4582-1) vim-common_8.0.1453-1ubuntu1.4_all.deb | Linux |
| Vi IMproved - enhanced vi editor (USN-4582-1) vim-runtime_8.0.1453-1ubuntu1.4_all.deb | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-602673 | MacOS Catalina 10.15.7 - Auto Reboot |
| PATCH-602674 | macOS Catalina 10.15.7 Combo Update - Auto Reboot |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234