You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ycm-...@googlegroups.com, Stephen Röttger
A remote code execution vulnerability has been found in YCM. It's a fairly involved and convoluted exploit, but it can be triggered by just opening a link to a malicious website.
A fix for the issue has already landed in the master branch. Update to the latest YCM to get the fix. If you installed with Vundle, you can update by running ":BundleUpdate" in Vim.
I'd like to thank Stephen Röttger for finding the issue, creating a working exploit and responsibly disclosing it. Thank you Stephen!