admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-34062.md

18 lines
1012 B
Markdown
Raw Normal View History

Update CVE sources 2024-06-08 09:32
2024-06-08 09:32:58 +00:00
### [CVE-2024-34062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34062)
![](https://img.shields.io/static/v1?label=Product&message=tqdm&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%204.4.0%2C%20%3C%204.66.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-74%3A%20Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')&color=brighgreen)
### Description
tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/CopperEagle/CopperEagle
Reference in New Issue Copy Permalink