User Activity

  • Posted a comment on ticket #2389 on Scintilla

    Please accept my apologies regarding the priority and visibility. My intention is not to be annoying; allow me to explain. These kinds of code execution issues can be extremely serious. Because code execution flaws allow attackers full access to that machine as the logged-in user, the potential for extremely nasty outcomes is very significant, including:

    * The attacker gains access to the victim's email, potentially allowing malicious account password resets
    * The attacker gains access to secrets like...

  • Created ticket #2389 on Scintilla

    SciTE automatic untrusted code execution via Lua

  • Posted a comment on ticket #2387 on Scintilla

    I would suggest that this issue should remain private for now; making this issue public before a fixed build is released puts users at risk. (According to the main download page, the latest version still appears to be 5.3.6, which I believe is vulnerable)

  • Posted a comment on ticket #2387 on Scintilla

    Thank you for the quick response. Confirmed, I can see how this would fix the issue. I do have some follow-up questions:

    * This code appears to be purely limited to SciTE, and does not affect Scintilla. Is that correct?
    * If I am reading the project history in Mercurial correctly, this issue was first introduced in commit 7bd54888215d from 2011-08-05, and was first released under v2.29, and affects every version since. Is that correct?
    * I could not find any other instances of CommandExecute being...

  • Created ticket #2387 on Scintilla

    SciTE automatic untrusted code execution

Personal Data

Username:
f8-is-great
Joined:
2023-06-01 16:13:37.616000

Projects

  • No projects to display.
