Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yN3E3LXhjanctcXg4cc4AAVUm

tqdm Arbitrary Code Execution

The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.

Permalink: https://github.com/advisories/GHSA-r7q7-xcjw-qx8q
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yN3E3LXhjanctcXg4cc4AAVUm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 11 months ago
CVSS Score: 7.8
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-r7q7-xcjw-qx8q, CVE-2016-10075
References: Repository: https://github.com/tqdm/tqdm
Blast Radius: 40.1

Affected Packages

pypi:tqdm
Dependent packages: 11,524
Dependent repositories: 136,364
Downloads: 117,955,573 last month
Affected Version Ranges: = 4.10.0, = 4.4.1
Fixed in: 4.11.2 (for both affected ranges)
All affected versions: 4.4.1, 4.10.0
All unaffected versions: 2.0.0, 2.2.3, 2.2.4, 3.1.3, 3.1.4, 3.4.0, 3.7.0, 3.7.1, 3.8.0, 4.1.0, 4.4.0, 4.4.3, 4.5.0, 4.5.2, 4.6.1, 4.6.2, 4.7.0, 4.7.1, 4.7.2, 4.7.4, 4.7.6, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.9.0, 4.11.0, 4.11.1, 4.11.2, 4.12.0, 4.13.0, 4.14.0, 4.15.0, 4.16.0, 4.17.0, 4.17.1, 4.18.0, 4.19.1, 4.19.2, 4.19.4, 4.19.5, 4.19.6, 4.19.7, 4.19.8, 4.19.9, 4.20.0, 4.21.0, 4.22.0, 4.23.0, 4.23.1, 4.23.2, 4.23.3, 4.23.4, 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, 4.28.1, 4.29.0, 4.29.1, 4.30.0, 4.31.0, 4.31.1, 4.32.0, 4.32.1, 4.32.2, 4.33.0, 4.34.0, 4.35.0, 4.36.0, 4.36.1, 4.37.0, 4.38.0, 4.39.0, 4.40.0, 4.40.1, 4.40.2, 4.41.0, 4.41.1, 4.42.0, 4.42.1, 4.43.0, 4.44.0, 4.44.1, 4.45.0, 4.46.0, 4.46.1, 4.47.0, 4.48.0, 4.48.1, 4.48.2, 4.49.0, 4.50.0, 4.50.1, 4.50.2, 4.51.0, 4.52.0, 4.53.0, 4.54.0, 4.54.1, 4.55.0, 4.55.1, 4.55.2, 4.56.0, 4.56.1, 4.56.2, 4.57.0, 4.58.0, 4.59.0, 4.60.0, 4.61.0, 4.61.1, 4.61.2, 4.62.0, 4.62.1, 4.62.2, 4.62.3, 4.63.0, 4.63.1, 4.63.2, 4.64.0, 4.64.1, 4.65.0, 4.65.1, 4.65.2, 4.66.0, 4.66.1, 4.66.2, 4.66.3, 4.66.4, 4.66.5