PyPI package
tqdm
pkg:pypi/tqdm
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-34062 | Med | 4.8 | >= 4.4.0, < 4.66.3 | 4.66.3 | May 3, 2024 | tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in relea | |
| CVE-2016-10075 | Hig | 7.8 | >= 4.4.1, < 4.11.2 | 4.11.2 | Jan 19, 2017 | The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. |
- affected >= 4.4.0, < 4.66.3fixed 4.66.3
tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in relea
- affected >= 4.4.1, < 4.11.2fixed 4.11.2
The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.