PYSEC-2017-74

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/tqdm/PYSEC-2017-74.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2017-74
Aliases
Published
2017-01-19T20:59:00Z
Modified
2023-11-08T03:58:09.498949Z
Summary
[none]
Details

The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.

References

Affected packages

PyPI / tqdm

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.11.2

Affected versions

1.*

1.0

2.*

2.0.0.dev0
2.0.0
2.2.3
2.2.4

3.*

3.1.3
3.1.4
3.4.0
3.7.0
3.7.1
3.8.0

4.*

4.1.0
4.4.0
4.4.1
4.4.3
4.5.0
4.5.2
4.6.1
4.6.2
4.7.0
4.7.1
4.7.2
4.7.4
4.7.6
4.8.1
4.8.2
4.8.3
4.8.4
4.9.0
4.10.0
4.11.0
4.11.1