CVE-2021-3013

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| mitre | CNA | --- | --- |
| CVE | ADP | --- | --- |

EPSS Score percentile: 71%

| Vendor | Product | Version |
|---|---|---|
| ripgrep_project | ripgrep | 𝑥 < 13.0.0 |

𝑥 = Vulnerable software versions
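
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| rust-ripgrep | bullseye | 12.1.1-1 | fixed |
| rust-ripgrep | bookworm | 13.0.0-4 | fixed |
| rust-ripgrep | sid | 14.1.1-1 | fixed |
| rust-ripgrep | trixie | 14.1.1-1 | fixed |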
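
Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| ripgrep | noble | dne |
| ripgrep | mantic | dne |
| ripgrep | lunar | dne |
| ripgrep | kinetic | dne |
| ripgrep | jammy | dne |
| ripgrep | impish | dne |
| ripgrep | hirsute | dne |
| ripgrep | groovy | dne |
| ripgrep | focal | dne |
| ripgrep | bionic | dne |
| ripgrep | xenial | ignored |
| ripgrep | trusty | dne |
| rust-ripgrep | noble | not-affected |
| rust-ripgrep | mantic | not-affected |
| rust-ripgrep | lunar | not-affected |
| rust-ripgrep | kinetic | ignored |
| rust-ripgrep | jammy | needs-triage |
| rust-ripgrep | focal | needs-triage |
| rust-ripgrep | bionic | dne |
| rust-ripgrep | xenial | ignored |
| rust-ripgrep | trusty | dne |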