PT-2017-7723 · Tqdm · Tqdm

Jwilk · Published 2017-01-19 · Updated 2022-05-14 · CVE-2016-10075

CVSS v4.0: 8.5 High

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

tqdm versions 4.4.1 through 4.10

Description

The issue allows local users to execute arbitrary code via a crafted repository with a malicious git log in the current working directory. This is possible due to a flaw in the tqdm._version module.

Recommendations

For versions 4.4.1 through 4.10, consider disabling the tqdm._version module as a temporary workaround until a patch is available. Restrict access to the current working directory to minimize the risk of exploitation. Avoid using the tqdm library in environments where a malicious git log could be present until the issue is resolved.
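
To find installations that fall under these recommendations, the check below audits pinned requirements against the affected range stated above. It is an added example, not code from this advisory or from the tqdm project. The sample input and the `tqdm-extras` package name are constructed, and treating every 4.10.x release as inside the range is an assumption.

```python
import re

# Affected range as stated on this page: tqdm 4.4.1 through 4.10.
LOWER = (4, 4, 1)
UPPER_SERIES = (4, 10)  # assumption: any 4.10.x release counts as "4.10"

# Exact pins only, e.g. "tqdm==4.8.4" or "tqdm[extra]==4.8.4" (case-insensitive).
PIN = re.compile(r"^\s*tqdm\s*(?:\[[^\]]*\])?\s*==\s*([0-9]+(?:\.[0-9]+)*)", re.I)

def parse_version(text):
    """Turn '4.10' into (4, 10, 0) so the comparison is numeric.

    Comparing strings would rank '4.10.0' below '4.4.1' and miss the
    upper end of the affected range.
    """
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts)

def is_affected(version_text):
    v = parse_version(version_text)
    return v >= LOWER and v[:2] <= UPPER_SERIES

def audit(lines):
    """Return (line_number, version, affected) for every exact tqdm pin."""
    findings = []
    for number, line in enumerate(lines, start=1):
        line = line.split("#", 1)[0]  # drop trailing comments
        match = PIN.match(line)
        if match:
            version = match.group(1)
            findings.append((number, version, is_affected(version)))
    return findings

# Constructed sample input in requirements.txt / `pip freeze` format.
SAMPLE = """\
requests==2.12.4
tqdm==4.4.0
tqdm==4.4.1   # lower bound of the affected range
TQDM==4.10.0
tqdm==4.11.2
tqdm-extras==4.8.0
""".splitlines()

if __name__ == "__main__":
    for number, version, affected in audit(SAMPLE):
        print(f"line {number}: tqdm {version} -> {'AFFECTED' if affected else 'ok'}")
```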

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2016-10075
GHSA-R7Q7-XCJW-QX8Q
OPENSUSE-SU-2024:11276-1
PYSEC-2017-74

Affected Products

Tqdm