Safety vulnerability ID: 70790
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tqdm version 4.66.3 addresses CVE-2024-34062, a vulnerability where optional non-boolean CLI arguments like `--delim`, `--buf-size`, and `--manpath` were passed through Python's `eval`, allowing for arbitrary code execution. This security risk, only locally exploitable, has been mitigated in this release. Users are advised to upgrade to version 4.66.3 immediately as there are no workarounds for this issue.
Latest version: 4.67.1
Fast, Extensible Progress Meter
- `cli`: `eval` safety (fixes CVE-2024-34062, GHSA-g7vv-2v7x-gj9p)
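
The bug class described above (an option value cast by building a string and handing it to `eval`) next to an allow-list cast, as an added illustration that is not tqdm's source code. The function names, the `--name=value` parsing and the per-option type table are assumptions made for this sketch.

```python
# Added illustration; names and the type table are assumptions, not tqdm's code.

def unsafe_cast(val: str, typ: str):
    """Vulnerable pattern: the raw option value becomes part of an expression."""
    return eval(f"{typ}({val})")  # evaluates whatever expression val contains


def _to_chr(val: str) -> str:
    if len(val) != 1:
        raise ValueError(f"expected a single character, got {val!r}")
    return val


# Allow-list of converters; each one parses data and never evaluates code.
SAFE_CASTS = {"int": int, "float": float, "str": str, "chr": _to_chr}


def safe_cast(val: str, typ: str):
    """Hardened pattern: look the converter up, reject unknown type names."""
    try:
        convert = SAFE_CASTS[typ]
    except KeyError:
        raise ValueError(f"unsupported option type {typ!r}") from None
    return convert(val)


def parse_options(argv, option_types, cast=safe_cast):
    """Parse constructed '--name=value' arguments using the given cast."""
    parsed = {}
    for arg in argv:
        name, _, raw = arg.lstrip("-").partition("=")
        key = name.replace("-", "_")
        if key not in option_types:
            raise ValueError(f"unknown option {name!r}")
        parsed[key] = cast(raw, option_types[key])
    return parsed


# Constructed option table for the three options the advisory names.
OPTION_TYPES = {"delim": "chr", "buf_size": "int", "manpath": "str"}

if __name__ == "__main__":
    print(parse_options(["--buf-size=4096", "--delim=,"], OPTION_TYPES))
    # An expression is rejected by the safe cast instead of being executed.
    try:
        parse_options(["--buf-size=len('abc')"], OPTION_TYPES)
    except ValueError as exc:
        print("rejected:", exc)
```
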