
Description

A vulnerability was found in python-sql where unary operators do not escape non-Expression operands.

PUBLISHED Reserved 2024-10-09 | Published 2024-12-27 | Updated 2025-08-30 | Assigner redhat




MEDIUM: 6.5 | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Problem types

Improper Neutralization of Escape, Meta, or Control Sequences

Product status

Default status: unaffected

Any version before 1.5.2: affected

Timeline

2024-12-17: Reported to Red Hat.
2024-10-02: Made public.

References

lists.debian.org/debian-lts-announce/2024/10/msg00023.html

access.redhat.com/security/cve/CVE-2024-9774 (vdb-entry)

bugzilla.redhat.com/show_bug.cgi?id=2332734 (RHBZ#2332734, issue-tracking)

discuss.tryton.org/t/security-release-for-issue-93/7889/3

cve.org (CVE-2024-9774)

nvd.nist.gov (CVE-2024-9774)
