CVE-2021-3013
CRITICAL
ripgrep < 13.0.0 - Arbitrary Program Execution via -z/--search-zip or --pre Flag
Title source: llm
Description
ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag.
References (2)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/BurntSushi/ripgrep/blob/master/CHANGELOG.md
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/BurntSushi/ripgrep/blob/e48a17e1891e1ea9dd06ba0e48d5fb140ca7c0c4/CHANGELOG.md
Scores
CVSS v3
9.8
EPSS
0.0193
EPSS Percentile
77.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (3)
crates.io/grep-cli
0 - 0.1.6 (crates.io)
crates.io/ripgrep
0 - 13.0.0 (crates.io)
ripgrep_project/ripgrep
< 13.0.0
Published
Jun 11, 2021
Tracked Since
Feb 18, 2026