PyPi: Tqdm

CVE-2024-34062

Safety vulnerability ID: 70790

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 03, 2024. Updated at Nov 29, 2024.

Advisory

Tqdm version 4.66.3 addresses CVE-2024-34062, a vulnerability where optional non-boolean CLI arguments such as `--delim`, `--buf-size`, and `--manpath` were passed through Python's `eval`, allowing arbitrary code execution. The issue is only locally exploitable and is mitigated in this release. Users are advised to upgrade to version 4.66.3 immediately, as there are no workarounds for this issue.
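The defect described above is a general one: a CLI option arrives as a string, and converting it with `eval` turns the option into an execution path. The following added example is not tqdm's code; it shows the vulnerable conversion next to two hardened alternatives (an `ast.literal_eval`-based caster with a type check, and argparse `type=` converters). The option names are taken from the advisory; the helper names (`cast_unsafe`, `cast_literal`, `parse_buf_size`, `parse_cli`) and the sample inputs are constructed for illustration.

```python
import argparse
import ast

# Added example (not tqdm's own code): unsafe versus safe conversion of a
# string CLI argument into a typed value. Helper names and sample inputs are
# constructed for this illustration.

VULNERABLE_INPUT = "len('abc')"  # constructed: an expression, not a literal


def cast_unsafe(value: str):
    """Vulnerable pattern: eval() runs any Python expression it is handed,
    so an argument meant to be a number becomes code execution."""
    return eval(value)


def cast_literal(value: str, expected: type):
    """Hardened pattern: accept only a Python literal of the expected type.
    ast.literal_eval never calls functions or imports modules."""
    try:
        parsed = ast.literal_eval(value)
    except (ValueError, SyntaxError):
        raise ValueError(f"{value!r} is not a {expected.__name__} literal") from None
    # bool is a subclass of int; reject it explicitly so "True" is not an int
    if isinstance(parsed, bool) or not isinstance(parsed, expected):
        raise ValueError(f"{value!r} is not a {expected.__name__} literal")
    return parsed


def parse_buf_size(value: str) -> int:
    """argparse 'type' callable for --buf-size: a positive integer."""
    size = cast_literal(value, int)
    if size <= 0:
        raise argparse.ArgumentTypeError("--buf-size must be positive")
    return size


def build_parser() -> argparse.ArgumentParser:
    """Simplest fix: give argparse a type-specific converter per option.
    String options such as --delim and --manpath need no conversion at all,
    because a CLI argument is already a str."""
    parser = argparse.ArgumentParser(prog="example-cli")
    parser.add_argument("--delim", type=str, default="\n")
    parser.add_argument("--buf-size", type=parse_buf_size, default=256)
    parser.add_argument("--manpath", type=str, default=None)
    return parser


def parse_cli(argv):
    """Parse argv; argparse raises SystemExit(2) on a malformed value."""
    return build_parser().parse_args(argv)


if __name__ == "__main__":
    # eval converts "8192" fine, but also executes the expression input
    print(cast_unsafe("8192"), cast_unsafe(VULNERABLE_INPUT))
    print(cast_literal("8192", int))
    try:
        cast_literal(VULNERABLE_INPUT, int)
    except ValueError as exc:
        print("rejected:", exc)
    ns = parse_cli(["--delim", ",", "--buf-size", "4096"])
    print(repr(ns.delim), ns.buf_size)
```

When reviewing a CLI for this class of bug, the thing to look for is any call to `eval` or `exec` whose argument is derived from `sys.argv`, an environment variable, or a config file; the fix is always a type-specific parser, and for numeric options `int()`/`float()` or `ast.literal_eval` with an `isinstance` check is sufficient.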

Affected package

tqdm

Latest version: 4.67.1

Fast, Extensible Progress Meter

Affected versions

Fixed versions

Vulnerability changelog

- `cli`: `eval` safety (fixes CVE-2024-34062, GHSA-g7vv-2v7x-gj9p)

Resources
