diff --git a/CVE-2024-34062.patch b/CVE-2024-34062.patch
new file mode 100644
index 0000000000000000000000000000000000000000..54c208054f6b74f26b8865427de2afbfe4d27b4d
--- /dev/null
+++ b/CVE-2024-34062.patch
@@ -0,0 +1,60 @@
+From b53348c73080b4edeb30b4823d1fa0d8d2c06721 Mon Sep 17 00:00:00 2001
+From: Casper da Costa-Luis
+Date: Wed, 1 May 2024 14:56:01 +0100
+Subject: [PATCH] cli: eval safety
+
+- fixes GHSA-g7vv-2v7x-gj9p
+---
+ tqdm/cli.py | 33 ++++++++++++++++++++++-----------
+ 1 file changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/tqdm/cli.py b/tqdm/cli.py
+index 1223d4977..7284f28d5 100644
+--- a/tqdm/cli.py
++++ b/tqdm/cli.py
+@@ -21,23 +21,34 @@ def cast(val, typ):
+ return cast(val, t)
+ except TqdmTypeError:
+ pass
+- raise TqdmTypeError(val + ' : ' + typ)
++ raise TqdmTypeError(f"{val} : {typ}")
+ 
+ # sys.stderr.write('\ndebug | `val:type`: `' + val + ':' + typ + '`.\n')
+ if typ == 'bool':
+ if (val == 'True') or (val == ''):
+ return True
+- elif val == 'False':
++ if val == 'False':
+ return False
+- else:
+- raise TqdmTypeError(val + ' : ' + typ)
+- try:
+- return eval(typ + '("' + val + '")')
+- except Exception:
+- if typ == 'chr':
+- return chr(ord(eval('"' + val + '"'))).encode()
+- else:
+- raise TqdmTypeError(val + ' : ' + typ)
++ raise TqdmTypeError(val + ' : ' + typ)
++ if typ == 'chr':
++ if len(val) == 1:
++ return val.encode()
++ if re.match(r"^\\\w+$", val):
++ return eval(f'"{val}"').encode()
++ raise TqdmTypeError(f"{val} : {typ}")
++ if typ == 'str':
++ return val
++ if typ == 'int':
++ try:
++ return int(val)
++ except ValueError as exc:
++ raise TqdmTypeError(f"{val} : {typ}") from exc
++ if typ == 'float':
++ try:
++ return float(val)
++ except ValueError as exc:
++ raise TqdmTypeError(f"{val} : {typ}") from exc
++ raise TqdmTypeError(f"{val} : {typ}")
+ 
+ 
+ def posix_pipe(fin, fout, delim=b'\\n', buf_size=256, 
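Review bot: The `chr` branch on the new side of the nested `tqdm/cli.py` hunk still reaches `eval(f'"{val}"')`; the `re.match(r"^\\\w+$", val)` guard confines `val` to a backslash plus word characters, which cannot close the string literal, but `$` also matches before a trailing newline and a malformed escape such as `\xZZ` or `\N` makes `eval` raise `SyntaxError`, which no `except` in the new code catches, so the CLI exits with a traceback instead of the `TqdmTypeError` every other branch raises. Decoding the escape with `ast.literal_eval` under `re.fullmatch` removes the last `eval` from `cast` and maps those parse failures onto `TqdmTypeError`; it needs `import ast` at the top of tqdm/cli.py, outside the hunk, and `re` is presumably already imported since the new code uses it. The `bool` branch also keeps one old-style `raise TqdmTypeError(val + ' : ' + typ)` while the rest of the function moved to f-strings. `cast` begins before this hunk and `posix_pipe` continues after it.
```python
    if typ == 'chr':
        if len(val) == 1:
            return val.encode()
        # \w after the backslash cannot close the literal, but a malformed
        # escape (\xZZ, \N) is still a parse error: report it as TqdmTypeError.
        if re.fullmatch(r"\\\w+", val):
            try:
                return ast.literal_eval(f'"{val}"').encode()
            except (SyntaxError, ValueError) as exc:
                raise TqdmTypeError(f"{val} : {typ}") from exc
        raise TqdmTypeError(f"{val} : {typ}")
    # … unchanged: str / int / float branches …
```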
diff --git a/python-tqdm.spec b/python-tqdm.spec
index a6d67506b970667cb10de57ee1d534c481670ffd..215f7ecae9de3c7e469881b49fbd12bd7adfdd78 100644
--- a/python-tqdm.spec
+++ b/python-tqdm.spec
@@ -2,11 +2,13 @@
 Name: python-tqdm
 Version: 4.56.0
-Release: 3
+Release: 4
 Summary: A Fast and Extensible Progress Bar for Python and CLI
 License: MPLv2.0 and MIT
 URL: https://github.com/tqdm/tqdm
 Source0: https://files.pythonhosted.org/packages/69/50/9f29874d835945b845812799edc732ba30c41e9d20431f9f69c8ffb9c670/tqdm-%{version}.tar.gz
+# https://github.com/tqdm/tqdm/commit/b53348c73080b4edeb30b4823d1fa0d8d2c06721
+Patch0: CVE-2024-34062.patch
 BuildRequires: python3-devel python3-setuptools gcc python3-toml python3-setuptools_scm
@@ -52,6 +54,9 @@ mv -v %{buildroot}%{python3_sitelib}/tqdm/tqdm.1 %{buildroot}%{_mandir}/man1/
 %{_mandir}/man1/tqdm.1*
 %changelog
+* Mon May 06 2024 yaoxin - 4.56.0-4
+- Fix CVE-2024-34062
+
 * Mon Nov 14 2022 xu_ping - 4.56.0-3
 - change source path
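Review bot: The first hunk declares `Patch0: CVE-2024-34062.patch` but nothing visible applies it; whether `%prep` uses `%autosetup -p1` or an explicit `%patch0 -p1` lies outside the hunk, and if it is a bare `%setup` the patch is declared, never applied, and the changelog line `- Fix CVE-2024-34062` is false. The upstream fix is dated May 2024 while this package is still at 4.56.0, so please also confirm from the build log that the `cast()` hunk applies to this tree (with fuzz at most) rather than being rejected. The backported code uses f-strings and `re`, so a Python 3.6+ build and an existing `import re` in `tqdm/cli.py` at this version are prerequisites worth a quick check.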