You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The way vim-anywhere uses /tmp is insecure. Malicious local user could create /tmp/vim-anywhere, make it writable to everyone, and then read or tamper with other users' files in this directory. In the worst case, when a victim uses vim-anywhere to create a shell script to be pasted to shell, they could end up with arbitrary code execution.
Please use mktemp -d for creating temporary directories.
The text was updated successfully, but these errors were encountered:
The way vim-anywhere uses
/tmp
is insecure. Malicious local user could create/tmp/vim-anywhere
, make it writable to everyone, and then read or tamper with other users' files in this directory. In the worst case, when a victim uses vim-anywhere to create a shell script to be pasted to shell, they could end up with arbitrary code execution.Please use
mktemp -d
for creating temporary directories.The text was updated successfully, but these errors were encountered: