git.ipfire.org Git - thirdparty/vim.git/commit
patch 9.2.0202: [security]: command injection via newline in glob() v9.2.0202
author pyllyukko <pyllyukko@maimed.org>
Thu, 19 Mar 2026 19:58:05 +0000 (19:58 +0000)
committer Christian Brabandt <cb@256bit.org>
Thu, 19 Mar 2026 20:07:51 +0000 (20:07 +0000)
commit 645ed6597d1ea896c712cd7ddbb6edee79577e9a
tree 3ee4971ab9850531863fd405e31489c707f82dc8
parent cc8798e71982de485cf00b2630d01285ca045008
patch 9.2.0202: [security]: command injection via newline in glob()

Problem:  The glob() function on Unix-like systems does not escape
          newline characters when expanding wildcards. A maliciously
          crafted string containing '\n' can be used as a command
          separator to execute arbitrary shell commands via
          mch_expand_wildcards(). This depends on the user's 'shell'
          setting.
Solution: Add the newline character ('\n') to the SHELL_SPECIAL
          definition to ensure it is properly escaped before being
          passed to the shell (pyllyukko).

closes: #19746

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c

Signed-off-by: pyllyukko <pyllyukko@maimed.org>
Signed-off-by: Christian Brabandt <cb@256bit.org>
src/os_unix.c
src/version.c
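
An added example, not part of this commit or of Vim's source: a simplified C model of the fix described in the commit message. It backslash-escapes every byte found in a special-character set before a string reaches the shell, then counts the newlines that remain unescaped. The two character sets, the function names and the sample pattern are constructed for illustration and are assumptions, not Vim's actual SHELL_SPECIAL definition.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative sets (assumption), NOT Vim's real SHELL_SPECIAL value. */
#define SPECIAL_BEFORE "\t \"&'$;<>()\\|"
#define SPECIAL_AFTER  "\t \"&'$;<>()\\|\n"   /* same set plus '\n' */

/* Copy src to dst, putting a backslash before every byte that occurs in
 * `special`. Returns the output length, or -1 if dst is too small. */
static int escape_for_shell(const char *src, const char *special,
                            char *dst, size_t dstlen)
{
    size_t n = 0;
    for (; *src != '\0'; src++) {
        size_t need = strchr(special, *src) != NULL ? 2 : 1;
        if (n + need >= dstlen)
            return -1;              /* refuse to truncate silently */
        if (need == 2)
            dst[n++] = '\\';
        dst[n++] = *src;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Count newlines not preceded by a backslash. A POSIX shell treats each
 * one as the end of a command line; backslash-newline is a continuation. */
static int count_bare_newlines(const char *s)
{
    int bare = 0, escaped = 0;
    for (; *s != '\0'; s++) {
        if (escaped)           escaped = 0;
        else if (*s == '\\')   escaped = 1;
        else if (*s == '\n')   bare++;
    }
    return bare;
}

/* Escape `pattern` with `special`; return surviving bare newlines. */
static int bare_newlines_after_escape(const char *pattern, const char *special)
{
    char buf[256];
    if (escape_for_shell(pattern, special, buf, sizeof buf) < 0)
        return -1;
    return count_bare_newlines(buf);
}

int main(void)
{
    const char *pattern = "*.txt\nSECOND-LINE";   /* constructed sample */
    printf("without newline in set: %d bare newline(s)\n",
           bare_newlines_after_escape(pattern, SPECIAL_BEFORE));
    printf("with newline in set:    %d bare newline(s)\n",
           bare_newlines_after_escape(pattern, SPECIAL_AFTER));
    return 0;
}
```

A check like `count_bare_newlines` can also serve as a regression test for any code path that builds a shell command line from a wildcard pattern.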