Advisory #49
| Title | ripgrep arbitrary programs execution from current directory |
| CVE ID | CVE-2021-3013 |
| Vendor | ripgrep maintainers |
| Affected product | ripgrep |
| Affected versions | - 12.1.1 |
| Vulnerability type | CWE-427 (Uncontrolled Search Path Element) |
| Description | ripgrep before 13 allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag. |
| Status | Fixed in v13 |
| Recommendation | Update to v13 or above |