Lucene search
Gentoo FoundationMGASA-2024-0299HistorySep 13, 2024 - 8:15 p.m.
Updated python-tqdm package fixes security vulnerability
2024-09-1320:15:41
Gentoo Foundation
advisories.mageia.org
1
python-tqdm
security vulnerability
optional cli arguments
arbitrary code execution
unix
CVSS3
4.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
AI Score
7.6
Confidence
Low
Any optional non-boolean CLI arguments (e.g. --delim, --buf-size, --manpath) are passed through python’s eval, allowing arbitrary code execution. This issue is only locally exploitable.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 9 | noarch | python-tqdm | < 4.64.1-2.1 | python-tqdm-4.64.1-2.1.mga9 |
Related
nessus
nessus
CBL Mariner 2.0 Security Update: python-tqdm (CVE-2024-34062)
2024-07-03 00:00:00
Fedora 40 : python-tqdm (2024-35acb3b48f)
2024-05-16 00:00:00
Amazon Linux 2023 : python3-tqdm (ALAS2023-2024-690)
2024-08-06 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-34062 affecting package conda for versions less than 24.1.2-2
2024-07-22 15:42:40
CVE-2024-34062 affecting package python-tqdm for versions less than 4.63.1-3
2024-06-12 22:23:00
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0299)
2024-09-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1872-1)
2024-08-20 00:00:00
Fedora: Security Advisory (FEDORA-2024-35acb3b48f)
2024-05-27 00:00:00
vulnrichment
vulnrichment
CVE-2024-34062 tqdm CLI arguments injection attack
2024-05-03 09:55:26
osv
osv
CGA-wprj-p696-fg4q
2024-06-06 12:26:31
CVE-2024-34062
2024-05-03 10:15:08
tqdm CLI arguments injection attack
2024-05-03 19:33:28
cvelist
cvelist
CVE-2024-34062 tqdm CLI arguments injection attack
2024-05-03 09:55:26
github
github
tqdm CLI arguments injection attack
2024-05-03 19:33:28
ibm
ibm
cgr
cgr
CVE-2024-34062 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2024-34062 vulnerabilities
2024-09-18 09:28:50
nvd
nvd
CVE-2024-34062
2024-05-03 10:15:08
veracode
veracode
Code Injection
2024-05-06 11:52:57
fedora
fedora
[SECURITY] Fedora 40 Update: python-tqdm-4.66.4-2.fc40
2024-05-16 01:52:32
[SECURITY] Fedora 39 Update: python-tqdm-4.66.4-2.fc39
2024-05-16 01:09:30
[SECURITY] Fedora 38 Update: python-tqdm-4.66.4-2.fc38
2024-05-16 01:27:25
debiancve
debiancve
CVE-2024-34062
2024-05-03 10:15:08
redhatcve
redhatcve
CVE-2024-34062
2024-05-03 17:54:42
cve
cve
CVE-2024-34062
2024-05-03 10:15:08
alpinelinux
alpinelinux
CVE-2024-34062
2024-05-03 10:15:08
CVSS3
4.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
AI Score
7.6
Confidence
Low
Related for MGASA-2024-0299