
CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 May 2024 — tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through Python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and has been addressed in release version 4.66.3. All users are advised to upgrade. • https://github.com/tqdm/tqdm/commit/4e613f84ed2ae029559f539464df83fa91feb316 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

19 Jan 2017 — The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. A vulnerability in tqdm could allow remote attackers to execute arbitrary code. • http://www.openwall.com/lists/oss-security/2016/12/28/8 • CWE-17: DEPRECATED: Code