| Package | python-pymysql |
|---|---|
| Version | 0.7.10-1+deb9u1 (stretch) |
| Related CVEs | CVE-2024-36039 |
It was discovered that there was a potential SQL injection attack in
python-pymysql, a MySQL client library for Python. This was exploitable when
python-pymysql was used with untrusted JSON input as keys were not escaped by
the escape_dict routine.
For Debian 9 stretch, these problems have been fixed in version 0.7.10-1+deb9u1.
We recommend that you upgrade your python-pymysql packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.