14 lines
1.0 KiB
JSON
14 lines
1.0 KiB
JSON
{
|
|
"id": "openEuler-SA-2024-1554",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1554",
|
|
"title": "An update for python-tqdm is now available for openEuler-22.03-LTS",
|
|
"severity": "Medium",
|
|
"description": "tqdm derives from the Arabic word taqaddum which can mean \"progress\". Instantly make your loops show a smart progress meter - just wrap any iterable with tqdm(interable), and you are done!\r\n\r\nSecurity Fix(es):\r\n\r\ntqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2024-34062)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2024-34062",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34062",
|
|
"severity": "Medium"
|
|
}
|
|
]
|
|
} |