OESA-2024-1658

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1658
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1658.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-1658
Published
2024-05-24T11:08:09Z
Modified
2025-08-12T05:43:49.638126Z
Summary
python-tqdm security update
Details

tqdm derives from the Arabic word taqaddum, which can mean "progress". Instantly make your loops show a smart progress meter: just wrap any iterable with tqdm(iterable), and you are done!

Security Fix(es):

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. --delim, --buf-size, --manpath) are passed through Python's eval, allowing arbitrary code execution. This issue is only locally exploitable and has been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2024-34062)

Database specific
{
    "severity": "Medium"
}

Affected packages

openEuler:22.03-LTS-SP2 / python-tqdm

Package

Name
python-tqdm
Purl
pkg:rpm/openEuler/python-tqdm&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.56.0-4.oe2203sp2

Ecosystem specific

{
    "noarch": [
        "python-tqdm-help-4.56.0-4.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "python-tqdm-4.56.0-4.oe2203sp2.src.rpm"
    ],
    "aarch64": [
        "python3-tqdm-4.56.0-4.oe2203sp2.aarch64.rpm"
    ],
    "x86_64": [
        "python3-tqdm-4.56.0-4.oe2203sp2.x86_64.rpm"
    ]
}