{"id":"AZL-44457","summary":"CVE-2024-36039 affecting package python-PyMySQL for versions less than 1.1.1-3","details":"PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.","modified":"2026-04-01T05:15:37.871088Z","published":"2024-05-21T16:15:26Z","upstream":["CVE-2024-36039"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36039"}],"affected":[{"package":{"name":"python-PyMySQL","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/python-PyMySQL"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-3"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44457.json"}}],"schema_version":"1.7.5"}