OESA-2024-1554

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1554
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1554.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-1554
Upstream
Published
2024-05-10T11:07:56Z
Modified
2025-08-12T05:43:48.576545Z
Summary
python-tqdm security update
Details

tqdm derives from the Arabic word taqaddum, which can mean "progress". Instantly make your loops show a smart progress meter - just wrap any iterable with tqdm(iterable), and you are done!

Security Fix(es):

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. --delim, --buf-size, --manpath) are passed through Python's eval, allowing arbitrary code execution. This issue is only locally exploitable and has been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2024-34062)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:22.03-LTS / python-tqdm

Package

Name
python-tqdm
Purl
pkg:rpm/openEuler/python-tqdm&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.56.0-4.oe2203

Ecosystem specific

{
    "noarch": [
        "python-tqdm-help-4.56.0-4.oe2203.noarch.rpm"
    ],
    "src": [
        "python-tqdm-4.56.0-4.oe2203.src.rpm"
    ],
    "aarch64": [
        "python3-tqdm-4.56.0-4.oe2203.aarch64.rpm"
    ],
    "x86_64": [
        "python3-tqdm-4.56.0-4.oe2203.x86_64.rpm"
    ]
}