Описание
Security update for python-PyMySQL
This update for python-PyMySQL fixes the following issues:
- CVE-2024-36039: Fixed SQL injection if used with untrusted JSON input (bsc#1225070).
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP5
python3-PyMySQL-0.7.11-150000.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
python3-PyMySQL-0.7.11-150000.3.3.1
openSUSE Leap 15.5
python3-PyMySQL-0.7.11-150000.3.3.1
Ссылки
- Link for SUSE-SU-2024:1855-1
- E-Mail link for SUSE-SU-2024:1855-1
- SUSE Security Ratings
- SUSE Bug 1225070
- SUSE CVE CVE-2024-36039 page
Описание
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP5:python3-PyMySQL-0.7.11-150000.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-PyMySQL-0.7.11-150000.3.3.1
openSUSE Leap 15.5:python3-PyMySQL-0.7.11-150000.3.3.1
Ссылки
- CVE-2024-36039
- SUSE Bug 1225070