CVE-2024-36039

Source: Red Hat CVE database (redhat.com / access.redhat.com), entry RH:CVE-2024-36039
Published: 2024-05-23 19:21:13

Tags: pymysql, sql injection, json input, input sanitization, data access, data tampering, remote code execution

AI Score: 6.4 Medium (confidence: Low)
EPSS: 0.0004 Low (percentile: 15.6%)

A flaw was found in PyMySQL. When untrusted JSON input is processed, the keys of the resulting dictionary are not escaped by the escape_dict function because of insufficient input sanitization, which allows an attacker who controls those keys to inject SQL into the generated query.

Mitigation

Make sure the permissions are set correctly for each user, database, table, operation, and so on, so that an injected statement cannot do more than the account is allowed to do. Do not expose the PyMySQL library to untrusted JSON input; in particular, do not let keys taken from client-supplied JSON reach the query builder.
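The mitigation above amounts to never letting keys from untrusted JSON reach the SQL text unchecked. The following is an added example, not PyMySQL's own code and not part of the Red Hat advisory, showing the application-side pattern for both the flaw described and the mitigation: JSON keys are validated against a strict identifier shape and an allowlist of known column names before they are used as identifiers, the table name is fixed by the application, and every value travels as a bound parameter. The column allowlist, table name and request bodies are constructed assumptions. The block does not import pymysql, so it runs stand-alone; the (sql, params) pair it returns is what would be handed to a DB-API cursor's execute().

```python
import json
import re

# Constructed allowlist: the only columns this endpoint may update (assumption,
# not taken from PyMySQL or the advisory).
ALLOWED_COLUMNS = frozenset({"name", "email", "status"})

# Defensive identifier shape: letters, digits, underscore only; no backticks,
# quotes, whitespace or SQL punctuation. Checked before the allowlist as a
# second, independent layer.
IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


class UntrustedKeyError(ValueError):
    """Raised when a JSON key is not an approved column name."""


def validate_keys(data):
    """Return the keys of `data` sorted, only if every key is an allowlisted identifier.

    Keys come from the client, so they are never placed into SQL until they
    pass both the shape check and the allowlist.
    """
    if not isinstance(data, dict) or not data:
        raise UntrustedKeyError("expected a non-empty JSON object")
    for key in data:
        if not isinstance(key, str) or not IDENTIFIER_RE.match(key):
            raise UntrustedKeyError(f"malformed column name: {key!r}")
        if key not in ALLOWED_COLUMNS:
            raise UntrustedKeyError(f"column not permitted: {key!r}")
    return sorted(data)


def build_update(table, row_id, data):
    """Build an UPDATE whose only client-controlled pieces are bound parameters.

    `table` is chosen by the application, never by the request. Column names
    are validated by validate_keys(); every value becomes a %s placeholder so
    the driver escapes it rather than the application.
    """
    if not IDENTIFIER_RE.match(table):
        raise ValueError(f"bad table name: {table!r}")
    columns = validate_keys(data)
    assignments = ", ".join(f"`{col}` = %s" for col in columns)
    sql = f"UPDATE `{table}` SET {assignments} WHERE `id` = %s"
    params = tuple(data[col] for col in columns) + (row_id,)
    return sql, params


def handle_update_request(raw_body, row_id):
    """Parse an untrusted JSON body and return the (sql, params) pair for cursor.execute().

    Returns None when the body is rejected, so the caller can answer with a
    400 and nothing from the request ever reaches the database.
    """
    try:
        data = json.loads(raw_body)
    except json.JSONDecodeError:
        return None
    try:
        return build_update("users", row_id, data)
    except (UntrustedKeyError, ValueError):
        return None


if __name__ == "__main__":
    # Constructed request bodies (assumption): one well-formed, one whose key
    # is not a plain identifier, one whose key is outside the allowlist.
    for body in ('{"name": "Ada", "email": "ada@example.test"}',
                 '{"na`me": "x"}',
                 '{"is_admin": true}'):
        result = handle_update_request(body, 42)
        print("accepted" if result else "rejected", body)
        if result:
            sql, params = result
            print("  ", sql, params)
            # With PyMySQL this pair would be passed as cursor.execute(sql, params).
```

The important design choice is that the allowlist, not escaping, decides which keys may become identifiers: a key that is not already a known column name is rejected outright, so the question of whether the driver escapes dictionary keys never arises. Values are left to the driver's parameter binding, which is the one place escaping belongs.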
