Advisory #49
Title | ripgrep arbitrary program execution from current directory |
CVE ID | CVE-2021-3013 |
Vendor | ripgrep maintainers |
Affected product | ripgrep |
Affected versions | - 12.1.1 |
Vulnerability type | CWE-427 (Uncontrolled Search Path Element) |
Description | ripgrep before 13 allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag. |
Status | Fixed in v13 |
Recommendation | Update to v13 or above |