Lucene search
GoogleOSV:GHSA-G4XG-FXMG-VCG5HistoryAug 05, 2021 - 7:31 p.m.
OS command injection in ripgrep
2021-08-0519:31:55
Google
osv.dev
12
windows
command injection
ripgrep
security
software
EPSS
0.003
Percentile
71.7%
ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/–search-zip or --pre flag.
References
github.com/BurntSushi/ripgrep
github.com/BurntSushi/ripgrep/blob/e48a17e1891e1ea9dd06ba0e48d5fb140ca7c0c4/CHANGELOG.md
github.com/BurntSushi/ripgrep/blob/master/CHANGELOG.md
github.com/BurntSushi/ripgrep/blob/master/CHANGELOG.md#1300-2021-06-12
github.com/BurntSushi/ripgrep/issues/1773
nvd.nist.gov/vuln/detail/CVE-2021-3013
rustsec.org/advisories/RUSTSEC-2021-0071.html
Related
nvd
nvd
CVE-2021-3013
2021-06-11 12:15:12
debiancve
debiancve
CVE-2021-3013
2021-06-11 12:15:12
rustsec
rustsec
`grep-cli` may run arbitrary executables on Windows
2021-06-12 12:00:00
ubuntucve
ubuntucve
CVE-2021-3013
2021-06-11 00:00:00
osv
osv
ripgrep-13.0.0-2.2 on GA media
2024-06-15 00:00:00
`grep-cli` may run arbitrary executables on Windows
2021-06-12 12:00:00
CVE-2021-3013
2021-06-11 12:15:12
github
github
OS command injection in ripgrep
2021-08-05 19:31:55
prion
prion
Design/Logic Flaw
2021-06-11 12:15:00
cvelist
cvelist
CVE-2021-3013
2021-06-11 11:19:37
cve
cve
CVE-2021-3013
2021-06-11 12:15:12
huntr
huntr
Arbitrary command execution on Windows
2023-07-10 00:42:29