mirror of
https://github.com/neovim/neovim.git
synced 2026-05-24 13:50:06 +00:00
0e07b2a1e2
Problem: [security]: command injection via backticks in tag files
(Srinivas Piskala Ganesh Babu, Andy Ngo)
Solution: Disallow backticks before attempting to expand filenames.
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8
Supported by AI
c78194e41d
Co-authored-by: Christian Brabandt <cb@256bit.org>