Brain Phrye



Vim CVE 2019 12735

Sigh. There’s a modelines vulnerability in vim that’s rather simple to exploit. Thankfully there’s a simple workaround - just disable that functionality.

Add this to your ~/.vimrc and it won’t affect you, but you’ll get modelines back when fixed versions arrive. However, there’s some question about the fix, so you might want to keep an eye on this issue and adjust the if statement as appropriate.

" Disabled due to https://nvd.nist.gov/vuln/detail/CVE-2019-12735
" https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
if v:version < 801 || ! has('patch-8.1.1365')
  set modelines=0
  set nomodeline
else
  set modelines=5
  set modeline
endif
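
To see which files actually carry modelines before turning the feature back on, here is an added example (not part of the original post): a small Python scanner that lists the modelines Vim would read with the modelines=5 setting used above. The function name and the sample text are constructed for illustration; the pattern follows the forms described in Vim's `:help modeline`.

```python
import re
import sys

# Modeline forms from Vim's documentation (:help modeline):
#   [text{white}]{vi:|vim:|Vim:|ex:}[white]{options}
# "ex:" must be preceded by whitespace; "vim" may carry a version check
# such as "vim>700:".
MODELINE_RE = re.compile(r"(?:(?:^|\s)(?:vi|[Vv]im(?:[<=>]?\d+)?)|\sex):\s*(.*)")


def find_modelines(text, modelines=5):
    """Return (line_number, options) for each modeline Vim would consider.

    Vim only inspects the first and last `modelines` lines of a buffer,
    so lines in the middle of the file are ignored here as well.
    """
    lines = text.splitlines()
    if modelines <= 0:
        return []
    head = range(0, min(modelines, len(lines)))
    # Start the tail window after the head so short files are not counted twice.
    tail = range(max(len(lines) - modelines, len(head)), len(lines))
    hits = []
    for i in list(head) + list(tail):
        m = MODELINE_RE.search(lines[i])
        if m:
            hits.append((i + 1, m.group(1).strip()))
    return hits


# Constructed sample: one modeline at the top, one in the middle (ignored
# by Vim with modelines=5), one at the bottom.
SAMPLE = "\n".join(
    ["# vim: set ts=4 sw=4 et:"]
    + ["filler line %d" % n for n in range(1, 11)]
    + ["/* vim: ft=c */"]  # line 12 of 23: outside both windows
    + ["filler line %d" % n for n in range(11, 21)]
    + ["# vi: noai"]
)

if __name__ == "__main__":
    # Usage: python scan_modelines.py FILE [FILE ...]
    for path in sys.argv[1:]:
        with open(path, errors="replace") as fh:
            for lineno, opts in find_modelines(fh.read()):
                print("%s:%d: %s" % (path, lineno, opts))
```

The scanner only reports where modelines are and what they set; it makes no judgement about whether a given modeline is safe.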