PatchSiren

Tqdm Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Tqdm Project CVE published 2017-01-19

CVE-2016-10075

CVE-2016-10075 is a high-severity local code execution issue in tqdm’s _version module. According to the CVE description and NVD record, vulnerable versions 4.4.1 and 4.10 can be abused when a crafted repository with a malicious git log is present in the current working directory, allowing arbitrary code execution by a local user context.