{"id":"AZL-43726","summary":"CVE-2024-36039 affecting package python-PyMySQL 0.9.3-3","details":"PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.","modified":"2026-04-01T05:15:16.268412Z","published":"2024-05-21T16:15:26Z","upstream":["CVE-2024-36039"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36039"}],"affected":[{"package":{"name":"python-PyMySQL","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/python-PyMySQL"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.9.3-3"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43726.json"}}],"schema_version":"1.7.5"}