Hi Scalyr agent maintainers,
The Scalyr agent uses the Python MySQL client library, for which a critical SQL injection vulnerability has recently been discovered. At the time of opening this issue, the Python MySQL library version 0.9.3 is used. A patch is introduced in version 1.1.1, and upgrading to a version >= fixes the vulnerability.
Are you planning on fixing the vulnerability any time soon?
References
- CVE https://nvd.nist.gov/vuln/detail/CVE-2024-36039
- Python MySQL library 0.9.3 used in latest commit https://github.com/scalyr/scalyr-agent-2/blob/master/dev-requirements-new.txt#L19
- Python MySQL library 1.1.0 fixes the vulnerability https://github.com/PyMySQL/PyMySQL/releases/tag/v1.1.1