PT-2024-25674 · Tqdm+6

Coppereagle

·

Published

2024-05-03

·

Updated

2026-02-18

·

CVE-2024-34062

CVSS v3.1

4.8

Medium

Vector AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: tqdm versions prior to 4.66.3
Description: tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI argument value (e.g. --delim, --buf-size, --manpath) is passed through Python's eval, so a crafted argument value is executed as arbitrary Python code. This issue is only locally exploitable: the attacker must already be able to run the tqdm CLI with attacker-chosen arguments.
Recommendations: For versions prior to 4.66.3, upgrade to version 4.66.3 or later to resolve the issue. As a temporary workaround, avoid passing optional non-boolean CLI arguments (and never pass untrusted input as their values) until the patch is applied.
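The following is an added illustration written for this page, not tqdm's own code: a small tqdm-like option parser with the vulnerable eval-based value cast beside a hardened cast that accepts only Python literals of the expected type. The option names, the function names (cast_unsafe, cast_safe, parse_cli, demo) and the constructed argument vectors are assumptions for the example; the injected value is a benign expression that merely calls a function, which is enough to show that eval() executes code rather than parsing a value.

```python
"""Vulnerable vs. hardened casting of non-boolean CLI option values.

Example code for this advisory page; it is not tqdm's implementation.
Names and the option table are illustrative assumptions.
"""
import ast
import os

# Option name -> expected Python type (boolean flags are out of scope:
# they take no value and are not affected by the eval problem).
OPTION_TYPES = {"--buf-size": int, "--delim": str, "--manpath": str}


def cast_unsafe(value, typ):
    """Vulnerable pattern: the raw command-line string is handed to eval().
    Any valid Python expression in the value runs, not just a literal."""
    return typ(eval(value))  # noqa: S307 - intentionally vulnerable


def cast_safe(value, typ):
    """Hardened pattern: string options are taken verbatim; other options go
    through ast.literal_eval (which never calls functions or imports) and
    must produce exactly the expected type, so '4096.0' or "'4096'" for an
    int option is rejected as well."""
    if typ is str:
        return value
    try:
        parsed = ast.literal_eval(value)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"{value!r} is not a valid {typ.__name__} literal") from exc
    if type(parsed) is not typ:
        raise ValueError(f"{value!r} is not a {typ.__name__}")
    return parsed


def parse_cli(argv, cast):
    """Minimal '--opt value' parser applying `cast` to every option value."""
    opts = {}
    it = iter(argv)
    for arg in it:
        if arg not in OPTION_TYPES:
            raise ValueError(f"unknown option {arg!r}")
        value = next(it, None)
        if value is None:
            raise ValueError(f"missing value for {arg!r}")
        opts[arg] = cast(value, OPTION_TYPES[arg])
    return opts


# Constructed inputs (not taken from any real invocation): a benign command
# line, and one whose --buf-size value is a Python expression that calls
# a function instead of being an integer literal.
BENIGN_ARGV = ["--buf-size", "4096", "--delim", ","]
INJECTED_ARGV = ["--buf-size", "__import__('os').getpid()"]


def demo():
    """Returns (benign parse via safe cast, unsafe cast executed the
    expression, safe cast rejected the expression)."""
    benign = parse_cli(BENIGN_ARGV, cast_safe)
    # eval() runs the call: the "buffer size" comes back as our own PID.
    unsafe_value = parse_cli(INJECTED_ARGV, cast_unsafe)["--buf-size"]
    unsafe_executed = unsafe_value == os.getpid()
    try:
        parse_cli(INJECTED_ARGV, cast_safe)
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    return benign, unsafe_executed, safe_rejected


if __name__ == "__main__":
    print(demo())
```

The hardened cast deliberately does not try to "sanitize" the string before eval: the correct fix is to stop evaluating at all and parse each option with the parser its type needs (int(), a literal parser, or no parsing for plain strings), which is also why the workaround above is simply to avoid the affected options until the upgrade.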

Weakness Enumeration

Special Elements Injection

Argument Injection

Related Identifiers

ALT-PU-2025-2199
AZL-40285
AZL-40307
BDU:2025-03340
CVE-2024-34062
GHSA-G7VV-2V7X-GJ9P
MGASA-2024-0299
OESA-2024-1554
OESA-2024-1555
OESA-2024-1658
OESA-2024-1659
OPENSUSE-SU-2024:13939-1
OPENSUSE-SU-2024_1872-1
SUSE-SU-2024:1872-1
SUSE-SU-2024_1872-1
USN-7216-1

Affected Products

Alt Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu
Tqdm