CVE-2019-20807: OS Command Injection

Q: What is CVE-2019-20807?

CVE-2019-20807 is a vulnerability in Vim that was addressed with improved checks.

Q: Which software versions are affected by CVE-2019-20807?

CVE-2019-20807 affects macOS Catalina 10.15.6, Mojave, and High Sierra.

Q: How can I fix CVE-2019-20807?

To fix CVE-2019-20807, update your macOS to the latest available version.

Q: Where can I find more information about CVE-2019-20807?

You can find more information about CVE-2019-20807 on the Apple support website.

Published May 28, 2020

Updated

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

Other sources

Vim. This issue was addressed with improved checks.

Credit

Guilherme de Almeida Suckevicz

Affected Software

13 affected componentsFixes available

Apple macOS Catalina<10.15.6

10.15.6

Apple Mojave

Apple High Sierra

vim Vim<8.1.0881

Debian Debian Linux=9.0

openSUSE Leap=15.1

Canonical Ubuntu Linux=16.04

Canonical Ubuntu Linux=18.04

Apple iOS and macOS=10.13.6

Apple iOS and macOS=10.14.6

Starwindsoftware Command Center=2-build_6003

Starwindsoftware San \& Nas=1.0-update_1

debian/vim

2:8.2.2434-3+deb11u12:8.2.2434-3+deb11u32:9.0.1378-2+deb12u22:9.1.1230-22:9.1.2141-1

Remediation

Patch Available

https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075

Event History

May 28, 2020

CVE Published

via MITRE·01:05 PM

Data Sourced

via MITRE·01:05 PM

Description

Data Sourced

via NVD·02:15 PM

RemedyDescriptionSeverityWeaknessAffected Software

Jan 11, 2024

Data Sourced

via Launchpad·11:27 PM

Description

Feb 19, 2026

Data Sourced

via Ubuntu·09:54 PM

RemedyDescriptionSeverityAffected Software

Feb 20, 2026

Data Sourced

via Debian·09:55 PM

DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

HT211289

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2020-9927
CVE-2020-9884
CVE-2020-9889
CVE-2020-9888
CVE-2020-9890
CVE-2020-9891
CVE-2020-9928
CVE-2020-9929
CVE-2020-9870
CVE-2020-9866
CVE-2020-9869
CVE-2020-9949
CVE-2020-9934
CVE-2020-9883
CVE-2020-9865
CVE-2020-9900
CVE-2020-9980
CVE-2020-9799
CVE-2020-9913
CVE-2020-27933
CVE-2020-11758
CVE-2020-11759
CVE-2020-11760
CVE-2020-11761
CVE-2020-11762
CVE-2020-11763
CVE-2020-11764
CVE-2020-11765
CVE-2020-9871
CVE-2020-9872
CVE-2020-9874
CVE-2020-9879
CVE-2020-9936
CVE-2020-9937
CVE-2020-9919
CVE-2020-9876
CVE-2020-9873
CVE-2020-9938
CVE-2020-9877
CVE-2020-9875
CVE-2020-9984
CVE-2020-9887
CVE-2020-9908
CVE-2020-9990
CVE-2020-9921
CVE-2019-14899
CVE-2020-9904
CVE-2020-9924
CVE-2020-9892
CVE-2020-9863
CVE-2020-9902
CVE-2020-9905
CVE-2020-9997
CVE-2020-9926
CVE-2020-9994
CVE-2020-9935
CVE-2019-19906
CVE-2020-9920
CVE-2020-9922
CVE-2020-9885
CVE-2020-9878
CVE-2020-9880
CVE-2020-9881
CVE-2020-9882
CVE-2020-9940
CVE-2020-9985
CVE-2020-12243
CVE-2020-10878
CVE-2020-12723
CVE-2014-9512
CVE-2020-9930
CVE-2020-9939
CVE-2020-9864
CVE-2020-9868
CVE-2020-9854
CVE-2020-9901
CVE-2019-20807
CVE-2020-9898
CVE-2020-9918
CVE-2020-9899
CVE-2020-9906

Frequently Asked Questions

What is CVE-2019-20807?

CVE-2019-20807 is a vulnerability in Vim that was addressed with improved checks.

Which software versions are affected by CVE-2019-20807?

CVE-2019-20807 affects macOS Catalina 10.15.6, Mojave, and High Sierra.

How can I fix CVE-2019-20807?

To fix CVE-2019-20807, update your macOS to the latest available version.

Where can I find more information about CVE-2019-20807?

You can find more information about CVE-2019-20807 on the Apple support website.

CVE-2019-20807: OS Command Injection

Other sources

Credit

Affected Software

Remediation

Patch Available

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is CVE-2019-20807?

Which software versions are affected by CVE-2019-20807?

How can I fix CVE-2019-20807?

Where can I find more information about CVE-2019-20807?

Company

Resources

Contact