
208 matches found

RedHat Linux
added 2024/07/02 3:24 p.m. · 3 views

python-pymysql: SQL injection if used with untrusted JSON input

A flaw was found in PyMySQL. When processing untrusted JSON input, keys are not escaped by the escapedict function due to insufficient input sanitization, allowing an attacker to inject malicious SQL queries...

CVSS 6.3 · AI score 5.8 · EPSS 0.001
Exploits: 1 · References: 4

AlmaLinux
added 2024/07/02 12:0 a.m. · 17 views

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 6.3 · AI score 8.2 · EPSS 0.001
Exploits: 1 · References: 4

AlmaLinux
added 2024/07/02 12:0 a.m. · 24 views

Moderate: python3.11-PyMySQL security update

This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython. Security Fixes: python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 For more details about the...

CVSS 6.3 · AI score 8.2 · EPSS 0.001
Exploits: 1 · References: 4

Tenable Nessus
added 2024/07/02 12:0 a.m. · 8 views

RHEL 8 : python3 (RHSA-2024:4245)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4245 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 6.3 · AI score 6.7 · EPSS 0.001
Exploits: 1 · References: 5

Ubuntu
added 2024/05/30 11:38 a.m. · 25 views

USN-6801-1: PyMySQL vulnerability

It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An attacker could possibly use this issue to perform SQL injection attacks...

CVSS 6.3 · AI score 6.6 · EPSS 0.001
Exploits: 1

Tenable Nessus
added 2024/05/30 12:0 a.m. · 16 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : PyMySQL vulnerability (USN-6801-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6801-1 advisory. It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An attacker could possibly use this issue to perform SQL...

CVSS 6.3 · AI score 6.7 · EPSS 0.001
Exploits: 1 · References: 2

Debian
added 2024/05/27 10:36 a.m. · 18 views

[SECURITY] [DLA 3822-1] python-pymysql security update

Debian LTS Advisory DLA-3822-1 · [email protected] · https://www.debian.org/lts/security/ · Chris Lamb · May 27, 2024 · https://wiki.debian.org/LTS ...

CVSS 6.3 · AI score 6.7 · EPSS 0.001
Exploits: 1

RedhatCVE
added 2024/05/23 7:21 p.m. · 18 views

CVE-2024-36039

A flaw was found in PyMySQL. When processing untrusted JSON input, keys are not escaped by the escapedict function due to insufficient input sanitization, allowing an attacker to inject malicious SQL queries. Mitigation Make sure the permissions are set correctly for each user, database, table,...

CVSS 6.3 · AI score 6.4 · EPSS 0.001
Exploits: 1 · References: 3

SUSE CVE
added 2024/05/23 2:46 p.m. · 4 views

SUSE CVE-2024-36039

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

CVSS 8.1 · AI score 8.1 · EPSS 0.001
Exploits: 1 · References: 7

OSV
added 2024/05/21 6:31 p.m. · 3 views

GHSA-V9HF-5J83-6XPP PyMySQL SQL Injection vulnerability

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

CVSS 9.8 · AI score 5.9 · EPSS 0.001
Exploits: 1 · References: 7

OSV
added 2024/05/21 4:15 p.m. · 35 views

CVE-2024-36039

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

CVSS 6.3 · AI score 8
Exploits: 0 · References: 4

NVD
added 2024/05/21 4:15 p.m. · 14 views

CVE-2024-36039

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

CVSS 6.3 · AI score 7.3 · EPSS 0.001
Exploits: 1 · References: 4

UbuntuCve
added 2024/05/21 4:15 p.m. · 17 views

CVE-2024-36039

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

CVSS 6.3 · AI score 6.7 · EPSS 0.001
Exploits: 1 · References: 4

OSV
added 2024/05/21 12:15 p.m. · 16 views

CVE-2024-4420

There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an...

CVSS 7.5 · AI score 7
Exploits: 0 · References: 1

Vulnrichment
added 2024/05/21 12:0 a.m. · 16 views

CVE-2024-36039

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

AI score 7.8 · EPSS 0.001
Exploits: 1 · References: 4

Positive Technologies
added 2024/05/21 12:0 a.m. · 3 views

PT-2024-31032 · Google · Tink-Cc

Name of the Vulnerable Software and Affected Versions: Tink-cc versions prior to 2.1.3 Description: The issue is related to a Denial of service vulnerability. An adversary can crash binaries using the crypto::tink::JsonKeysetReader in Tink-cc by providing an input that is not an encoded JSON...

CVSS 7.5 · AI score 6.5 · EPSS 0.0007
Exploits: 0 · References: 7

Cvelist
added 2024/05/21 12:0 a.m. · 35 views

CVE-2024-36039

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

AI score 7.2 · EPSS 0.001
Exploits: 1 · References: 4

Positive Technologies
added 2024/05/20 12:0 a.m. · 4 views

PT-2024-30188 · Unknown · Anything-Llm

Name of the Vulnerable Software and Affected Versions: anything-llm affected versions not specified Description: A vulnerability exists in the workspace update process due to improper input validation. The application fails to validate or format JSON data sent in an HTTP POST request to...

CVSS 8.1 · AI score 7.9 · EPSS 0.00223
Exploits: 1 · References: 7

OSV
added 2024/01/29 10:30 p.m. · 13 views

GHSA-XVQ9-4VPV-227M Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature

Summary The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system...

CVSS 9.8 · AI score 9.8 · EPSS 0.02965
Exploits: 0 · References: 6

Veracode
added 2023/09/14 5:57 a.m. · 16 views

Buffer Overflow

cn.hutool, hutool-json is vulnerable to Buffer Overflow. The vulnerability is caused by missing validation for JSON input passed to the JSONUtil.parse method. An attacker can cause a heap buffer overflow by sending a specially crafted JSON string leading to an application crash or unexpected...

CVSS 7.5 · AI score 7.3 · EPSS 0.00741
Exploits: 1 · References: 2 · Affected Software: 1