python3.12-PyMySQL-1.1.0-3.el8_10

Errata ID: AXSA:2024-8536:01

Release date: 
Friday, July 5, 2024 - 18:12
Subject: 
python3.12-PyMySQL-1.1.0-3.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-36039
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
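
An application-side guard for the condition CVE-2024-36039 describes, as an added example that is not part of this advisory or of PyMySQL: it decodes untrusted JSON and refuses to bind anything but scalars as query parameters, so a JSON object never reaches the driver as a dict. The helper names, field names, query and sample requests are assumptions constructed for illustration.

```python
import json

# Types that correspond to exactly one SQL literal when bound as a parameter.
_SCALARS = (str, int, float, bool, type(None))


class UnsafeParameter(ValueError):
    """Decoded JSON would bind a container (dict/list) as one SQL parameter."""


def scalar_params(raw_json, fields):
    """Decode a JSON object and return a tuple of scalar values for `fields`.

    Hypothetical helper: dicts and lists are rejected before the database
    driver sees them, so attacker-chosen dict keys cannot end up in SQL text.
    """
    doc = json.loads(raw_json)
    if not isinstance(doc, dict):
        raise UnsafeParameter("top-level JSON value must be an object")
    params = []
    for name in fields:
        if name not in doc:
            raise UnsafeParameter(f"missing field {name!r}")
        value = doc[name]
        if not isinstance(value, _SCALARS):
            raise UnsafeParameter(
                f"field {name!r} is {type(value).__name__}, expected a scalar"
            )
        params.append(value)
    return tuple(params)


# Constructed sample request bodies (not taken from the advisory).
GOOD = '{"user": "alice", "limit": 10}'
BAD = '{"user": {"nested": "object"}, "limit": 10}'


def check(raw_json):
    """Return the parameter tuple, or the rejection reason as a string."""
    try:
        # Hypothetical use with a driver cursor:
        # cursor.execute("SELECT id FROM accounts WHERE name = %s LIMIT %s", params)
        return scalar_params(raw_json, ("user", "limit"))
    except UnsafeParameter as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(check(sample))
```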

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python3.12-PyMySQL-1.1.0-3.el8_10.src.rpm
    MD5: 3a5759db605b41454001462a6bf0ef75
    SHA-256: edc1b682cdf8ea9e2636b20004a9cf6ab2a2d72de2262c0f8c8577d0b1313b8a
    Size: 55.58 kB

Asianux Server 8 for x86_64
  1. python3.12-PyMySQL-1.1.0-3.el8_10.noarch.rpm
    MD5: 73ce4b101132d26f27724da72c13f538
    SHA-256: 9e71af960de427a6f71462110ff8308fb27b0691623065fb0911252991b3a16d
    Size: 104.18 kB