High severity 7.8 · NVD Advisory · Published Jan 19, 2017 · Updated May 13, 2026
CVE-2016-10075
Description
The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tqdm (PyPI) | >= 4.4.1, < 4.11.2 | 4.11.2 |
| tqdm (PyPI) | >= 4.10.0, < 4.11.2 | 4.11.2 |
References
- www.openwall.com/lists/oss-security/2016/12/28/8 [nvd; Mailing List, Third Party Advisory, WEB]
- www.securityfocus.com/bid/95143 [nvd; Third Party Advisory, VDB Entry]
- github.com/advisories/GHSA-r7q7-xcjw-qx8q [ghsa; ADVISORY]
- github.com/tqdm/tqdm/issues/328 [nvd; Issue Tracking, Vendor Advisory, WEB]
- nvd.nist.gov/vuln/detail/CVE-2016-10075 [ghsa; ADVISORY]
- github.com/pypa/advisory-database/tree/main/vulns/tqdm/PYSEC-2017-74.yaml [ghsa; WEB]
- github.com/tqdm/tqdm/pull/330 [ghsa; WEB]
- security.gentoo.org/glsa/201807-01 [nvd; WEB]
- web.archive.org/web/20170214023533/http://www.securityfocus.com/bid/95143 [ghsa; WEB]