ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/–search-zip or –pre flag.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Ripgrep |
Ripgrep_project |
* |
13.0.0 (excluding) |
References