python-pymysql: SQL injection if used with untrusted JSON input
A flaw was found in PyMySQL. When processing untrusted JSON input, keys are not escaped by the escape_dict function due to insufficient input sanitization, allowing an attacker to inject malicious SQL queries...
RHEL 8 : python3.11-PyMySQL (RHSA-2024:4244)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4244 advisory. This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy,...
Moderate: python3.11-PyMySQL security update
This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython. Security Fixes: python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039). For more details about the...
ALSA-2024:4244 Moderate: python3.11-PyMySQL security update
This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython. Security Fixes: python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039). For more details about the...
python3.11-PyMySQL security update
1.0.2-2 - Security fix for CVE-2024-36039 Resolves: RHEL-38365...
Fedora: Security Advisory (FEDORA-2024-b26f07d27b)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-e7141ab284)
The remote host is missing an update for the...
Fedora 40 : python-PyMySQL (2024-b26f07d27b)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b26f07d27b advisory. Update to 1.1.1 to fix CVE CVE-2024-36039. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...
Fedora 39 : python-PyMySQL (2024-e7141ab284)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e7141ab284 advisory. Update to 1.1.1 to fix CVE CVE-2024-36039. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...
OESA-2024-1719 python-PyMySQL security update
This package contains a pure-Python MySQL client library, based on PEP 249. Most public APIs are compatible with mysqlclient and MySQLdb. Security Fixes: PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. (CVE-2024-36039)...
openSUSE Security Advisory (SUSE-SU-2024:1925-1)
The remote host is missing an update for the...
ROS-20240611-04
A vulnerability in the JSON Handler component of the Python PyMySQL library of MySQL is related to keys not being escaped properly using escape_dict. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to data, tampering with data, or potentially...
openSUSE 15 Security Update : python-PyMySQL (SUSE-SU-2024:1925-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1925-1 advisory. - CVE-2024-36039: Fixed SQL injection when used with untrusted JSON input (bsc#1225070). Tenable has extracted the preceding description block directly from the...
SUSE-SU-2024:1925-1 Security update for python-PyMySQL
This update for python-PyMySQL fixes the following issues: - CVE-2024-36039: Fixed SQL injection when used with untrusted JSON input (bsc#1225070)...
Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-3466)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3466 advisory. - Security fixes for CVE-2023-6597 and CVE-2024-0450. Tenable has extracted the preceding description block directly from the Oracle Linux security...
USN-6801-1 python-pymysql vulnerability
It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An attacker could possibly use this issue to perform SQL injection attacks...
USN-6801-1: PyMySQL vulnerability
It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An attacker could possibly use this issue to perform SQL injection attacks...
Debian: Security Advisory (DSA-5700-1)
The remote host is missing an update for the Debian...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : PyMySQL vulnerability (USN-6801-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6801-1 advisory. It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An attacker could possibly use this issue to perform SQL...