Source: tqdm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for tqdm.

CVE-2024-34062[0]:
| tqdm is an open source progress bar for Python and CLI. Any optional
| non-boolean CLI arguments (e.g. `--delim`, `--buf-size`,
| `--manpath`) are passed through python's `eval`, allowing arbitrary
| code execution. This issue is only locally exploitable and had been
| addressed in release version 4.66.3. All users are advised to
| upgrade. There are no known workarounds for this vulnerability.

https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p

Fixed by:
https://github.com/tqdm/tqdm/commit/b53348c73080b4edeb30b4823d1fa0d8d2c06721 (v4.66.3)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-34062
    https://www.cve.org/CVERecord?id=CVE-2024-34062

Please adjust the affected versions in the BTS as needed.
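The advisory describes the bug class precisely: an option string typed on the command line was handed to Python's `eval`, so the option parser itself executed whatever expression the caller supplied. The following is an added illustration of that pattern next to a hardened cast; it is not tqdm's code and not the upstream fix. The option table, function names and accepted boolean spellings are assumptions made for the example; only the option names `--delim`, `--buf-size` and `--manpath` come from the advisory.

```python
# Added example (not tqdm's code, not the upstream fix): casting CLI option
# strings with and without eval. OPTION_TYPES and the function names below
# are assumptions for illustration; the option names mirror the advisory.
import ast

# Hypothetical option table: option name -> declared Python type.
OPTION_TYPES = {
    "delim": str,
    "buf-size": int,
    "manpath": str,
    "mininterval": float,
    "ascii": bool,
}


def unsafe_cast(raw: str):
    """The vulnerable 'before' pattern: the option string is evaluated as a
    Python expression, so whatever the caller types is executed. Kept here
    only to contrast with safe_cast below."""
    return eval(raw)


def safe_cast(raw: str, expected: type):
    """Hardened cast: interpret the string only as a value of the declared
    type. Nothing in this function executes the input as code."""
    if expected is bool:
        # Explicit spellings only; any other text is an error, not code.
        flags = {"true": True, "false": False, "1": True, "0": False}
        try:
            return flags[raw.strip().lower()]
        except KeyError:
            raise ValueError(f"not a boolean: {raw!r}") from None
    if expected is str:
        # A string needs no parsing at all. A quoted literal such as "','"
        # is unwrapped with ast.literal_eval, which accepts only literal
        # nodes (no names, calls or attribute access) and raises otherwise.
        if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
            try:
                parsed = ast.literal_eval(raw)
            except (ValueError, SyntaxError):
                return raw
            if isinstance(parsed, str):
                return parsed
        return raw
    if expected in (int, float):
        # int()/float() accept numeric text only; "2*3" raises ValueError.
        return expected(raw)
    raise TypeError(f"unsupported option type {expected!r}")


def parse_option(name: str, raw: str):
    """Look up the declared type for an option and cast its raw string."""
    try:
        expected = OPTION_TYPES[name]
    except KeyError:
        raise ValueError(f"unknown option --{name}") from None
    return safe_cast(raw, expected)


def option_is_valid(name: str, raw: str) -> bool:
    """True if raw is a well-formed value for the named option."""
    try:
        parse_option(name, raw)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print(parse_option("buf-size", "4096"))        # 4096
    print(repr(parse_option("delim", "','")))      # ','
    print(option_is_valid("buf-size", "2*3"))      # False: rejected, not run
    print(unsafe_cast("2*3"))                       # 6: the expression ran
```

The contrast to notice is `unsafe_cast("2*3")` returning 6: even a harmless arithmetic string demonstrates that the parser is executing the input, which is exactly the property the advisory calls out. The typed cast rejects the same string with a `ValueError`, and for string-typed options the cleanest fix is to not parse the value at all.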