mirror of
https://github.com/neovim/neovim.git
synced 2026-05-03 12:35:00 +00:00
vim-patch:9.1.1947: [security]: Windows: Vim may execute commands from current directory
Problem: [security]: Windows: Vim may execute commands from current
directory (Simon Zuckerbraun)
Solution: Set the $NoDefaultCurrentDirectoryInExePath before running
external commands.
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834
083ec6d9a3
Co-authored-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
zeertzjq
3
runtime/lua/vim/_meta/vimfn.lua
generated
3
runtime/lua/vim/_meta/vimfn.lua
generated
@@ -1652,7 +1652,8 @@ function vim.fn.eventhandler() end
|
||||
--- *NoDefaultCurrentDirectoryInExePath*
|
||||
--- On MS-Windows an executable in Vim's current working directory
|
||||
--- is also normally found, but this can be disabled by setting
|
||||
--- the $NoDefaultCurrentDirectoryInExePath environment variable.
|
||||
--- the `$NoDefaultCurrentDirectoryInExePath` environment variable.
|
||||
--- This is always done for |:!| commands, for security reasons.
|
||||
---
|
||||
--- The result is a Number:
|
||||
--- 1 exists
|
||||
|
||||
Reference in New Issue
Block a user