Veracode Vulnerability Database: VERACODE:47166
History: May 24, 2024 - 8:27 a.m.

SQL Injection

2024-05-24 08:27:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
pymysql
sql injection
vulnerability
json sanitization
arbitrary sql
untrusted input
security

AI Score: 8.1 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.0%)

PyMySQL is vulnerable to SQL Injection. The vulnerability is due to improper JSON sanitization within the escape_dict function, which allows an attacker to execute arbitrary SQL if an application handles untrusted JSON user input.

CPE | Name | Operator | Version
pymysql | le | 1.1.0
pymysql | le | 1.1.0
