<p>Upgrade <code>Wolfi</code> <code>py3-tqdm</code> to version 4.66.4-r0 or higher.</p>

CVE-2024-34062 Affecting py3-tqdm package, versions <4.66.4-r0

Snyk CVSS

NVD CVSS Score is not yet available. When available we recommend using the distro's own rating score.

Threat Intelligence

EPSS 0.04% (9^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-WOLFILATEST-PY3TQDM-6811544
published 7 May 2024
disclosed 3 May 2024

Report a new vulnerability Found a mistake?

Introduced: 3 May 2024

New CVE-2024-34062 Open this link in a new tab

How to fix?

Upgrade Wolfi py3-tqdm to version 4.66.4-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream py3-tqdm package and not the py3-tqdm package as distributed by Wolfi. See How to fix? for Wolfi relevant fixed versions and status.

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. --delim, --buf-size, --manpath) are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.