PYSEC-2017-74

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/tqdm/PYSEC-2017-74.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2017-74

Aliases

Published

2017-01-19T20:59:00Z

Modified

2023-11-08T03:58:09.498949Z

Summary

[none]

Details

The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.

References

Affected packages

PyPI / tqdm

Package

Name: tqdm; View open source insights on deps.dev
Purl: pkg:pypi/tqdm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.11.2

Affected versions

1.*

1.0

2.*

2.0.0.dev0

2.0.0

2.2.3

2.2.4

3.*

3.1.3

3.1.4

3.4.0

3.7.0

3.7.1

3.8.0

4.*

4.1.0

4.4.0

4.4.1

4.4.3

4.5.0

4.5.2

4.6.1

4.6.2

4.7.0

4.7.1

4.7.2

4.7.4

4.7.6

4.8.1

4.8.2

4.8.3

4.8.4

4.9.0

4.10.0

4.11.0

4.11.1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/tqdm/PYSEC-2017-74.yaml"