vulnerability

Oracle Linux: CVE-2024-36039: ELSA-2024-4244: python3.11-PyMySQL security update (MODERATE) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	May 21, 2024	Jul 3, 2024	Dec 3, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

May 21, 2024

Added

Jul 3, 2024

Modified

Dec 3, 2025

Description

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
A flaw was found in PyMySQL. When processing untrusted JSON input, keys are not escaped by the escape_dict function due to insufficient input sanitization, allowing an attacker to inject malicious SQL queries.

Solutions

oracle-linux-upgrade-python3-11-pymysqloracle-linux-upgrade-python3-11-pymysql-rsaoracle-linux-upgrade-python3-12-pymysqloracle-linux-upgrade-python3-12-pymysql-rsa

References

CVE-2024-36039
https://attackerkb.com/topics/CVE-2024-36039
ELSA-ELSA-2024-4244
ELSA-ELSA-2024-4245
ELSA-ELSA-2024-9193
ELSA-ELSA-2024-9194
CWE-89

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today