tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-05-03T09:55:26.119Z
Updated: 2024-06-17T18:59:40.062Z
Reserved: 2024-04-30T06:56:33.380Z
Link: CVE-2024-34062
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-05-03T10:15:08.500
Modified: 2024-06-10T17:16:28.360
Link: CVE-2024-34062
JSON object: View
Redhat Information
No data.
CWE