{"id":"MGASA-2024-0299","summary":"Updated python-tqdm package fixes security vulnerability","details":"Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`,\n`--manpath`) are passed through Python's `eval`, allowing arbitrary code\nexecution. This issue is only locally exploitable.\n","modified":"2026-04-16T00:12:42.753616578Z","published":"2024-09-13T17:15:41Z","upstream":["CVE-2024-34062"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0299.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33533"},{"type":"WEB","url":"https://lists.suse.com/pipermail/sle-security-updates/2024-August/019257.html"}],"affected":[{"package":{"name":"python-tqdm","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/python-tqdm?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.64.1-2.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0299.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}