Vulnerability Description
tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/tqdm/tqdm/commit/4e613f84ed2ae029559f539464df83fa91feb316
- https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://github.com/tqdm/tqdm/commit/4e613f84ed2ae029559f539464df83fa91feb316
- https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
FAQ
What is CVE-2024-34062?
CVE-2024-34062 is a vulnerability with a CVSS score of 4.8 (MEDIUM). tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code e...
How severe is CVE-2024-34062?
CVE-2024-34062 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-34062?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.