VYPR
High severity7.8NVD Advisory· Published Jan 19, 2017· Updated Jun 17, 2026

CVE-2016-10075

CVE-2016-10075

Description

The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tqdmPyPI
>= 4.4.1, < 4.11.24.11.2
tqdmPyPI
>= 4.10.0, < 4.11.24.11.2

Affected products

3
  • Tqdm/Tqdm2 versions
    cpe:2.3:a:tqdm_project:tqdm:4.10:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:tqdm_project:tqdm:4.10:*:*:*:*:*:*:*
    • cpe:2.3:a:tqdm_project:tqdm:4.4.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 4.4.1, < 4.11.2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.