Alma Linux: CVE-2024-36039: Moderate: python3.11-PyMySQL security update (Multiple Advisories)

Alma Linux: CVE-2024-36039: Moderate: python3.11-PyMySQL security update (Multiple Advisories)

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

05/21/2024

Created

07/04/2024

Added

07/04/2024

Modified

11/19/2024

Description

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.

Solution(s)

• alma-upgrade-python3.11-pymysql
• alma-upgrade-python3.11-pymysql+rsa
• alma-upgrade-python3.12-pymysql
• alma-upgrade-python3.12-pymysql+rsa

References

• https://attackerkb.com/topics/cve-2024-36039
• CVE - 2024-36039
• https://errata.almalinux.org/8/ALSA-2024-4244.html
• https://errata.almalinux.org/8/ALSA-2024-4245.html
• https://errata.almalinux.org/9/ALSA-2024-9193.html
• https://errata.almalinux.org/9/ALSA-2024-9194.html