A vulnerability in tqdm could allow remote attackers to execute arbitrary code.
Package | dev-python/tqdm on all architectures |
---|---|
Affected versions | < 4.23.3 |
Unaffected versions | >= 4.23.3 |
tqdm is a smart progress meter.
A vulnerability was discovered in tqdm._version that could be triggered by a malicious git log within the current working directory.
A remote attacker could execute arbitrary commands by enticing a user to clone a crafted repo.
There is no known workaround at this time.
All tqdm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/tqdm-4.23.3"

Release date
July 18, 2018
Latest revision
July 18, 2018: 1
Severity
normal
Exploitable
remote
Bugzilla entries