python3.11-PyMySQL-1.0.2-2.el8_10
Errata ID: AXSA:2024-8537:01
Release date:
Friday, July 5, 2024 - 18:23
Subject:
python3.11-PyMySQL-1.0.2-2.el8_10
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython.
Security Fix(es):
* python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-36039
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
Solution:
Update packages.
CVEs:
CVE-2024-36039
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
Additional Info:
N/A
Download:
SRPMS
- python3.11-PyMySQL-1.0.2-2.el8_10.src.rpm
MD5: c19ab15c35dbd108d1ed1732fc1949ab
SHA-256: e55b1cafffc50e6c239b211f4359d83b7ec09ada589862f64476daedae5b2489
Size: 53.35 kB
Asianux Server 8 for x86_64
- python3.11-PyMySQL-1.0.2-2.el8_10.noarch.rpm
MD5: 5d3ad69c0b96f1ebaa2c508613bb6c76
SHA-256: c76ea5f7b03546c28dc1e4b18164dda8f33e5249cf1292b1a8ce8f9693ea0cb4
Size: 104.89 kB