mirror of
https://github.com/neovim/neovim.git
synced 2026-05-27 07:18:36 +00:00
ab41543f8e
Problem: [security]: Insufficient validation of hostname and port in
netrw URIs allows command injection via shell metacharacters
(ehdgks0627, un3xploitable).
Solution: Implement stricter RFC1123 hostname and IP validation.
Use shellescape() for the provided hostname and port.
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336
79348dbbc0
Co-authored-by: Christian Brabandt <cb@256bit.org>