Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40307.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-40307
Upstream
Published
2024-05-03T10:15:08Z
Modified
2026-04-01T05:13:34.990547Z
Summary
CVE-2024-34062 affecting package python-tqdm for versions less than 4.63.1-3
Details

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through Python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and has been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Azure Linux:2 / python-tqdm

Package

Name
python-tqdm
Purl
pkg:rpm/azure-linux/python-tqdm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.63.1-3

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40307.json"