| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pymysql | pip | < 1.1.1 | 1.1.1 |

The vulnerability description explicitly states that "keys are not escaped by escape_dict". Commit 521e40050cb386a499f68f483fefd144c493053c directly modifies the `escape_dict` function in `pymysql/converters.py`. The pre-patch code shown in the diff passed dictionary values through `escape_item` but used the keys directly, without escaping them. This missing key escaping is the root cause of the SQL injection vulnerability. The patch fixes it by making `escape_dict` raise a `TypeError`, which prevents the vulnerable usage. The test file `pymysql/tests/test_connection.py` also shows changes to how dictionary escaping is handled, confirming that `escape_dict` was the problematic function called via `connection.escape()` when a dictionary was passed.

The function `pymysql.connections.Connection.escape` would also appear in a stack trace: it is a public API method that, prior to the patch, called the vulnerable `escape_dict` when a dictionary was passed as an argument. However, `escape` itself is not the vulnerable function; it is the dispatcher. The vulnerability lies in how `escape_dict` handles dictionary keys. For the purpose of identifying vulnerable functions, `escape_dict` is therefore the primary target. The test `test_escape_dict_raise_typeerror` in `pymysql/tests/test_connection.py` confirms that `con.escape({"foo": Foo()})` is how `escape_dict` would have been invoked, and this test now expects a `TypeError` because of the patch in `escape_dict`.
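
The following is an added example, not PyMySQL's source or code from the advisory. It models the two behaviours described above with simplified stand-in functions, so that the gap (values escaped, keys copied through) and the fix (dicts rejected) can be seen side by side. All function names, the `TypeError` message text, and the sample input are assumptions constructed for illustration; `is_patched` assumes plain numeric version strings.

```python
# Simplified model of the advisory's description; NOT PyMySQL's implementation.

def escape_value(value):
    """Stand-in for escape_item: backslash-escape and quote a string value."""
    text = str(value).replace("\\", "\\\\").replace("'", "\\'")
    return "'" + text + "'"


def escape_dict_prepatch(mapping):
    """Pre-patch behaviour per the advisory: values escaped, keys used as-is."""
    return {key: escape_value(val) for key, val in mapping.items()}


def escape_dict_patched(mapping):
    """Post-patch behaviour per the advisory: a dict argument is refused."""
    # Message text is illustrative, not quoted from the project.
    raise TypeError("dict is not accepted as a parameter")


def unescaped_keys(mapping):
    """Audit helper: keys whose text would change if escaped like a value."""
    return [k for k in mapping if escape_value(k) != "'" + str(k) + "'"]


def is_patched(version):
    """True when a numeric dotted version is >= 1.1.1 (first patched version)."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts >= (1, 1, 1)


# Constructed sample: both key and value contain a quote character.
SAMPLE = {"na'me": "O'Brien"}

if __name__ == "__main__":
    print("pre-patch result:", escape_dict_prepatch(SAMPLE))
    print("keys left unescaped:", unescaped_keys(SAMPLE))
    try:
        escape_dict_patched(SAMPLE)
    except TypeError as exc:
        print("patched behaviour:", exc)
    for v in ("1.1.0", "1.1.1"):
        print(v, "patched" if is_patched(v) else "vulnerable")
```

In the pre-patch model the value comes back quoted and escaped while the key is returned byte-for-byte, which is the asymmetry the advisory identifies as the root cause.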