GHSA-r7q7-xcjw-qx8q

Suggest an improvement
Source
https://github.com/advisories/GHSA-r7q7-xcjw-qx8q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r7q7-xcjw-qx8q/GHSA-r7q7-xcjw-qx8q.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-r7q7-xcjw-qx8q
Aliases
Published
2022-05-14T02:19:48Z
Modified
2024-02-16T08:17:19.199832Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
TDQM Arbitrary Code Execution
Details

The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.

References

Affected packages

PyPI / tqdm

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.1
Fixed
4.11.2

Affected versions

4.*

4.4.1
4.4.3
4.5.0
4.5.2
4.6.1
4.6.2
4.7.0
4.7.1
4.7.2
4.7.4
4.7.6
4.8.1
4.8.2
4.8.3
4.8.4
4.9.0
4.10.0
4.11.0
4.11.1

PyPI / tqdm

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.10.0
Fixed
4.11.2

Affected versions

4.*

4.10.0
4.11.0
4.11.1