PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON
input because keys are not escaped by escape_dict.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | python-pymysql | < any | UNKNOWN |
ubuntu | 20.04 | noarch | python-pymysql | < 0.9.3-2ubuntu3.1 | UNKNOWN |
ubuntu | 22.04 | noarch | python-pymysql | < 1.0.2-1ubuntu1.22.04.1 | UNKNOWN |
ubuntu | 23.10 | noarch | python-pymysql | < 1.0.2-1ubuntu1.23.10.1 | UNKNOWN |
ubuntu | 24.04 | noarch | python-pymysql | < 1.0.2-2ubuntu1.1 | UNKNOWN |
ubuntu | 16.04 | noarch | python-pymysql | < any | UNKNOWN |