UBUNTU-CVE-2024-34062

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-34062

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-34062.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-34062

Related

CVE-2024-34062

Published

2024-05-03T10:15:00Z

Modified

2024-10-30T16:30:59Z

Summary

[none]

Details

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. --delim, --buf-size, --manpath) are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Ubuntu:Pro:18.04:LTS / tqdm

Package

Name: tqdm
Purl: pkg:deb/ubuntu/tqdm?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.11.2-1

4.19.5-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / tqdm

Package

Name: tqdm
Purl: pkg:deb/ubuntu/tqdm?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.30.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / tqdm

Package

Name: tqdm
Purl: pkg:deb/ubuntu/tqdm?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.57.0-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / tqdm

Package

Name: tqdm
Purl: pkg:deb/ubuntu/tqdm?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.66.5-1

Affected versions

4.*

4.66.2-2

4.66.4-1

4.66.4-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.66.5-1",
            "binary_name": "python3-tqdm"
        }
    ]
}

Ubuntu:24.04:LTS / tqdm

Package

Name: tqdm
Purl: pkg:deb/ubuntu/tqdm?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.64.1-1

4.64.1-2

4.66.2-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}