YCM remote code execution vulnerability

930 views
Skip to first unread message

Strahinja Markovic

unread,
Apr 25, 2014, 4:12:10 PM4/25/14
to ycm-...@googlegroups.com, Stephen Röttger
A remote code execution vulnerability has been found in YCM. It's a fairly involved and convoluted exploit, but it can be triggered by just opening a link to a malicious website.

A fix for the issue has already landed in the master branch. Update to the latest YCM to get the fix. If you installed with Vundle, you can update by running ":BundleUpdate" in Vim.

I'd like to thank Stephen Röttger for finding the issue, creating a working exploit and responsibly disclosing it. Thank you Stephen!
Reply all
Reply to author
Forward
0 new messages