Launchpad.net

CVE 2019-20807

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

See the CVE page on Mitre.org for more details.