OS command injection in ripgrep
ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/–search-zip or –pre flag.
Advisories for Cargo/Grep-Cli package
2021
ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/–search-zip or –pre flag.