Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim. The Vim editor allows users to create, view or edit any file, including text, programming scripts, and documents. The “:source!” command (with a bang [!] modifier) can be used to bypass the sandbox. The vulnerability resides in the Vim editor and in Neovim, an extended forked version of Vim, and allows attackers to secretly execute commands.
Source: https://thehackernews.com/2019/06/linux-vim-vulnerability.html

