PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. Reference: https://github.com/advisories/GHSA-v9hf-5j83-6xpp Upstream patch: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c
Created python-PyMySQL tracking bugs for this issue: Affects: fedora-all [bug 2282822]
Created python-PyMySQL tracking bugs for this issue: Affects: epel-7 [bug 2292655]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:4244 https://access.redhat.com/errata/RHSA-2024:4244
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:4245 https://access.redhat.com/errata/RHSA-2024:4245