CVE 2024-36039

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.

Related bugs and status

CVE-2024-36039 (Candidate) is related to these bugs:

Bug #1891484: python-pymysql ftbfs in focal

Summary				In	Importance	Status
	1891484	python-pymysql ftbfs in focal		python-pymysql (Ubuntu)	High	Fix Released

Bug #2067545: [Debian] Medium CVE: CVE-2024-36039 python-pymysql: SQL injection

Summary				In	Importance	Status
	2067545	[Debian] Medium CVE: CVE-2024-36039 python-pymysql: SQL injection		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.