Lucene search
GitHub Advisory DatabaseGHSA-V9HF-5J83-6XPPHistoryMay 21, 2024 - 6:31 p.m.
PyMySQL SQL Injection vulnerability
2024-05-2118:31:23
CWE-89
GitHub Advisory Database
github.com
25
pymysql
sql injection
fix
untrusted json
escape_dict
software
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
Affected configurations
Node
pymysqlRange<1.1.1
References
github.com/advisories/GHSA-v9hf-5j83-6xpp
github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c
github.com/PyMySQL/PyMySQL/releases/tag/v1.1.1
lists.debian.org/debian-lts-announce/2024/05/msg00017.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23VXBV34GFRICCVYZ6KFMSSWY5UEXCF5
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35VOJS3SRJNLQIO7YTZFNM6RWHIHWTMK
nvd.nist.gov/vuln/detail/CVE-2024-36039
Related
nessus
nessus
Fedora 39 : python-PyMySQL (2024-e7141ab284)
2024-06-23 00:00:00
Debian dsa-5700 : python-pymysql-doc - security update
2024-05-29 00:00:00
Debian dla-3822 : python-pymysql - security update
2024-05-29 00:00:00
vulnrichment
vulnrichment
CVE-2024-36039
2024-05-21 00:00:00
redhatcve
redhatcve
CVE-2024-36039
2024-05-23 19:21:13
debian
debian
[SECURITY] [DLA 3822-1] python-pymysql security update
2024-05-27 10:36:52
[SECURITY] [DSA 5700-1] python-pymysql security update
2024-05-29 17:35:02
nvd
nvd
CVE-2024-36039
2024-05-21 16:15:26
openvas
openvas
openSUSE: Security Advisory for python (SUSE-SU-2024:1925-1)
2024-06-12 00:00:00
Debian: Security Advisory (DSA-5700-1)
2024-05-30 00:00:00
Ubuntu: Security Advisory (USN-6801-1)
2024-05-30 00:00:00
osv
osv
CVE-2024-36039
2024-05-21 16:15:26
python-pymysql - security update
2024-05-27 00:00:00
python-pymysql - security update
2024-05-29 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: python-PyMySQL-1.1.1-1.fc39
2024-06-24 01:39:16
[SECURITY] Fedora 40 Update: python-PyMySQL-1.1.1-1.fc40
2024-06-24 06:37:30
veracode
veracode
SQL Injection
2024-05-24 08:27:02
cvelist
cvelist
CVE-2024-36039
2024-05-21 00:00:00
ubuntu
ubuntu
PyMySQL vulnerability
2024-05-30 00:00:00
redos
redos
ROS-20240611-04
2024-06-11 00:00:00
wolfi
wolfi
CVE-2024-36039 vulnerabilities
2024-06-26 03:08:30
debiancve
debiancve
CVE-2024-36039
2024-05-21 16:15:26
ubuntucve
ubuntucve
CVE-2024-36039
2024-05-21 00:00:00
cve
cve
CVE-2024-36039
2024-05-21 16:15:26