CVE-2024-36039: Python Incomplete Dict Escape
A function meant to escape or sanitize a dictionary iterates through its items, escaping the values but using the keys unchanged. This can lead to injection vulnerabilities if the keys are attacker-controlled. Ensure dictionary keys are also sanitized or reject dictionary types entirely if not supported.
Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0
Python
Pythongreprules fetch cve-2024-36039-python-incomplete-dict-escape --engine opengrepDescription
A function meant to escape or sanitize a dictionary iterates through its items, escaping the values but using the keys unchanged. This can lead to injection vulnerabilities if the keys are attacker-controlled. Ensure dictionary keys are also sanitized or reject dictionary types entirely if not supported.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0