Critical severity9.8NVD Advisory· Published Nov 17, 2017· Updated May 13, 2026
CVE-2017-1000212
CVE-2017-1000212
Description
Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
alchemist.vimHex | < 1.3.2 | 1.3.2 |
Affected products
1- cpe:2.3:a:alchemist-elixir:alchemist-server:-:*:*:*:*:vim:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-6x65-vqp7-5r63ghsaADVISORY
- github.com/tonini/alchemist-server/issues/14nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-1000212ghsaADVISORY
- elixirforum.com/t/static-and-session-security-fixes-for-plug/3913ghsaWEB
- github.com/tonini/alchemist-server/pull/16ghsaWEB
News mentions
0No linked articles in our index yet.