Prior to this version, Command didn't properly escape command line arguments on Windows.
Although the risk of attacker-controlled arguments passed through fd is relatively small, I think it is best to upgrade to a version that fixes this.
The biggest risk for users is probably running fd with --exec or --exec-batch on directories that contain files with names controlled by another party (for example a git repo that you cloned).
See: https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
Security: CVE-2024-24576