INFSA-2024:9194: python3.11-PyMySQL security update

Information about definition

Identifier: INFSA-2024:9194

Type: security

Release date: 2024-12-13 11:35:23 UTC

Information about package

This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython.

Vulnerabilities description

  • CVE-2024-36039

    PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
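An added example, not part of the advisory or of PyMySQL: an input guard that stops JSON objects from reaching the driver as query parameters, so that a dict with attacker-chosen keys is never handed to escape_dict. The names bind_params and UnsafeParameter, the field names and the query are assumptions made for illustration.

```python
import json

# JSON types that are safe to bind as one SQL parameter value.
SCALARS = (str, int, float, bool, type(None))

class UnsafeParameter(ValueError):
    """Raised when decoded JSON is not a flat set of scalar values."""

def bind_params(raw_json, fields):
    """Decode a JSON object and return the values of `fields`, in order,
    as a tuple for cursor.execute(sql, params). Objects and arrays are
    rejected so the driver never has to escape a dict built from input."""
    data = json.loads(raw_json)
    if not isinstance(data, dict):
        raise UnsafeParameter("body must be a JSON object")
    params = []
    for name in fields:
        if name not in data:
            raise UnsafeParameter(f"missing field {name!r}")
        value = data[name]
        if not isinstance(value, SCALARS):
            kind = type(value).__name__
            raise UnsafeParameter(f"field {name!r} must be scalar, got {kind}")
        params.append(value)
    return tuple(params)

# Constructed sample inputs (not taken from the advisory).
FIELDS = ("user_id", "status")
FLAT = '{"user_id": 42, "status": "active"}'
NESTED = '{"user_id": {"k": "v"}, "status": "active"}'
# Hypothetical query; values are bound by the driver, never formatted in.
SQL = "SELECT name FROM accounts WHERE id = %s AND status = %s"

if __name__ == "__main__":
    for raw in (FLAT, NESTED):
        try:
            print("bind", bind_params(raw, FIELDS))
        except UnsafeParameter as exc:
            print("rejected:", exc)
```

The guard complements the package update: it validates the shape of the input at the application boundary, independent of the installed driver version.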

Severity level

CVE            | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0
CVE-2024-36039 | no information | 6.3            | no information
Critical, important, moderate, low

Updated packages