The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-17,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tqdm_project | tqdm | 4.4.1 |
| tqdm_project | tqdm | 4.10 |