CVE-2023-4736Untrusted Search Path in VIM

CWE-426Untrusted Search Path8 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 91.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
VIMVIM VIMApple Macos
Timeline
PublishedSep 2
Latest updateOct 25

Description

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDvim/vim< 9.0.1833
CVEListV5vim/vim_vimunspecified9.0.1833
Alpinevim/vim< 9.0.2073-r0+5
NVDapple/macos14.0

Patches

Patch: github.comPatch: huntr.devPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-93j8-r599-v94c: Untrusted Search Path in GitHub repository vim/vim prior to 92023-09-02
CVEList
Untrusted Search Path in vim/vim2023-09-02
OSV
CVE-2023-4736: Untrusted Search Path in GitHub repository vim/vim prior to 92023-09-02

📋Vendor Advisories

4
Apple
CVE-2023-4736: macOS Sonoma 14.12023-10-25
Microsoft
Untrusted Search Path in vim/vim2023-09-12
Red Hat
vim: Arbitrary command execution on Windows in vim/vim2023-09-02
Debian
CVE-2023-4736: vim - Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.2023
CVE-2023-4736 — Untrusted Search Path in VIM VIM | cvebase