CVE-2024-36039
Published: 21 May 2024
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
Priority
Status
Package | Release | Status |
---|---|---|
python-pymysql Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Released
(0.9.3-2ubuntu3.1)
|
|
jammy |
Released
(1.0.2-1ubuntu1.22.04.1)
|
|
mantic |
Released
(1.0.2-1ubuntu1.23.10.1)
|
|
noble |
Released
(1.0.2-2ubuntu1.1)
|
|
upstream |
Released
(1.1.1-1)
|
|
xenial |
Needs triage
|
|
Patches: upstream: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c |