Medium severity6.3OSV Advisory· Published May 21, 2024· Updated Apr 15, 2026
CVE-2024-36039
CVE-2024-36039
Description
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pymysqlPyPI | < 1.1.1 | 1.1.1 |
Affected products
41- osv-coords40 versionspkg:apk/chainguard/datadog-agentpkg:apk/chainguard/datadog-agent-core-integrationspkg:apk/chainguard/datadog-agent-fakeintakepkg:apk/chainguard/datadog-agent-jmxpkg:apk/chainguard/datadog-agent-oci-compatpkg:apk/chainguard/datadog-agent-s6-overlaypkg:apk/chainguard/datadog-cluster-agentpkg:apk/chainguard/datadog-cluster-agent-oci-compatpkg:apk/chainguard/dogstatsdpkg:apk/chainguard/py3.10-pymysqlpkg:apk/chainguard/py3.11-pymysqlpkg:apk/chainguard/py3.12-pymysqlpkg:apk/chainguard/py3.13-pymysqlpkg:apk/chainguard/py3-pymysqlpkg:apk/chainguard/py3-supported-pymysqlpkg:apk/wolfi/datadog-agentpkg:apk/wolfi/datadog-agent-core-integrationspkg:apk/wolfi/datadog-agent-fakeintakepkg:apk/wolfi/datadog-agent-jmxpkg:apk/wolfi/datadog-agent-oci-compatpkg:apk/wolfi/datadog-agent-s6-overlaypkg:apk/wolfi/datadog-cluster-agentpkg:apk/wolfi/datadog-cluster-agent-oci-compatpkg:apk/wolfi/dogstatsdpkg:apk/wolfi/py3.10-pymysqlpkg:apk/wolfi/py3.11-pymysqlpkg:apk/wolfi/py3.12-pymysqlpkg:apk/wolfi/py3.13-pymysqlpkg:apk/wolfi/py3-pymysqlpkg:apk/wolfi/py3-supported-pymysqlpkg:pypi/pymysqlpkg:rpm/almalinux/python3.11-PyMySQLpkg:rpm/almalinux/python3.11-PyMySQL%2Brsapkg:rpm/almalinux/python3.12-PyMySQLpkg:rpm/almalinux/python3.12-PyMySQL%2Brsapkg:rpm/opensuse/python-PyMySQL&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python-PyMySQL&distro=openSUSE%20Leap%2015.6pkg:rpm/rocky-linux/python3.11-PyMySQL?distro=rocky-linux-9-x86-64&epoch=0pkg:rpm/suse/python-PyMySQL&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/python-PyMySQL&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 7.54.0-r1+ 39 more
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 1.1.1-r0
- (no CPE)range: < 1.1.1-r0
- (no CPE)range: < 1.1.1-r0
- (no CPE)range: < 1.1.1-r0
- (no CPE)range: < 1.1.1-r0
- (no CPE)range: < 1.1.1-r0
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 1.1.1-r0
- (no CPE)range: < 1.1.1-r0
- (no CPE)range: < 1.1.1-r0
- (no CPE)range: < 1.1.1-r0
- (no CPE)range: < 1.1.1-r0
- (no CPE)range: < 1.1.1-r0
- (no CPE)range: < 1.1.1
- (no CPE)range: < 1.0.2-2.el8_10
- (no CPE)range: < 1.0.2-2.el9
- (no CPE)range: < 1.1.0-3.el8_10
- (no CPE)range: < 1.1.0-3.el9
- (no CPE)range: < 0.7.11-150000.3.3.1
- (no CPE)range: < 1.1.0-150600.3.3.1
- (no CPE)range: < 0:1.0.2-2.el9
- (no CPE)range: < 0.7.11-150000.3.3.1
- (no CPE)range: < 0.7.11-150000.3.3.1
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-v9hf-5j83-6xppghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-36039ghsaADVISORY
- github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053cghsaWEB
- github.com/PyMySQL/PyMySQL/releases/tag/v1.1.1nvdWEB
- lists.debian.org/debian-lts-announce/2024/05/msg00017.htmlnvdWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23VXBV34GFRICCVYZ6KFMSSWY5UEXCF5ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35VOJS3SRJNLQIO7YTZFNM6RWHIHWTMKghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23VXBV34GFRICCVYZ6KFMSSWY5UEXCF5/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35VOJS3SRJNLQIO7YTZFNM6RWHIHWTMK/nvd
News mentions
0No linked articles in our index yet.