### [CVE-2019-12735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

### POC

#### Reference
- https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
- https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
- https://seclists.org/bugtraq/2019/Jun/33
- https://seclists.org/bugtraq/2019/Jun/33
- https://usn.ubuntu.com/4016-1/
- https://usn.ubuntu.com/4016-1/

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/JasonLOU/security
- https://github.com/Yang8miao/prov_navigator
- https://github.com/dai5z/LBAS
- https://github.com/datntsec/CVE-2019-12735
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/nickylimjj/cve-2019-12735
- https://github.com/numirias/security
- https://github.com/oldthree3/CVE-2019-12735-VIM-NEOVIM
- https://github.com/pcy190/ace-vim-neovim
- https://github.com/petitfleur/prov_navigator
- https://github.com/provnavigator/prov_navigator
- https://github.com/st9007a/CVE-2019-12735
- https://github.com/vicmej/modeline-vim
- https://github.com/whunt1/makevim