PYSEC-2026-217
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/mariadb/PYSEC-2026-217.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2026-217
- Aliases
-
- BIT-mariadb-2026-44172
- BIT-mariadb-min-2026-44172
- BIT-mysql-client-2026-44172
- CVE-2026-44172
- GHSA-pv9p-5w55-55jm
- Published
- 2026-06-12T18:16:34.123Z
- Modified
- 2026-06-17T19:41:04.348078429Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections, even though mysqlrealescapestring() was supposed to prevent them. This issue has been patched in versions 3.3.19 and 3.4.9.
- References
Affected packages
PyPI / mariadb
Package
- Name
- mariadb
- View open source insights on deps.dev
- Purl
- pkg:pypi/mariadb
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected3.3.18Last affected3.4.8
Affected versions
0.*
0.9.52
0.9.53
0.9.54
0.9.55
0.9.56
0.9.57
0.9.58
0.9.59
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.1.0a1
1.1.0b1
1.1.0b2
1.1.0rc1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.5.post1
1.1.5.post2
1.1.5.post3
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
2.*
2.0.0rc1
2.0.0rc2