CVE-2021-3013

Опубликовано: 11 июн. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag.

Ссылки

https://github.com/BurntSushi/ripgrep/blob/e48a17e1891e1ea9dd06ba0e48d5fb140ca7c0c4/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/BurntSushi/ripgrep/blob/master/CHANGELOG.md
Patch
Third Party Advisory
https://github.com/BurntSushi/ripgrep/blob/e48a17e1891e1ea9dd06ba0e48d5fb140ca7c0c4/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/BurntSushi/ripgrep/blob/master/CHANGELOG.md
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:ripgrep_project:ripgrep:*:*:*:*:*:*:*:*

Версия до 13.0.0 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.0071

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-3013

CVSS3: 9.8

ubuntu

больше 4 лет назад

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag.

CVE-2021-3013

CVSS3: 9.8

debian

больше 4 лет назад

ripgrep before 13 on Windows allows attackers to trigger execution of ...

GHSA-g4xg-fxmg-vcg5

CVSS3: 9.8

github

больше 4 лет назад

OS command injection in ripgrep

EPSS

Процентиль: 72%

0.0071

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo