Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

CVE-2024-36039

Publication date 21 May 2024

Last updated 24 July 2024

Ubuntu priority

Why this priority?

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
python-pymysql	24.10 oracular	Fixed 1.1.1-1ubuntu1
	24.04 LTS noble	Fixed 1.0.2-2ubuntu1.1
	23.10 mantic	Fixed 1.0.2-1ubuntu1.23.10.1
	22.04 LTS jammy	Fixed 1.0.2-1ubuntu1.22.04.1
	20.04 LTS focal	Fixed 0.9.3-2ubuntu3.1
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
python-pymysql	Upstream: 521e400

References

Related Ubuntu Security Notices (USN)

USN-6801-1
PyMySQL vulnerability
30 May 2024

Other references