发布时间: 2024年5月10日
修改时间: 2024年5月24日
tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 4.8 | 4.8 |
| Attack Vector | Local | Local |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| User Interaction | Required | Required |
| Scope | Unchanged | Unchanged |
| Confidentiality | Low | Low |
| Integrity | Low | Low |
| Availability | Low | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-1503 | python-tqdm security update | 2024年5月10日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.5.1 | python-tqdm | Fixed |
| KY3.5.2 | python-tqdm | Fixed |
