4 matches found
PYSEC-2026-502 PyMySQL SQL Injection vulnerability
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict...
AZL-43726 CVE-2024-36039 affecting package python-PyMySQL 0.9.3-3
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict...
UBUNTU-CVE-2024-36039
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict...
PT-2024-4421
Name of the Vulnerable Software and Affected Versions: PyMySQL versions 1.1.0 and earlier. Description: The issue is related to the JSON Handler component of the PyMySQL library for Python, which does not properly escape keys using the escape dict procedure. This can allow a remote attacker to gain...