sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-04-18T21:32:11.145Z

Updated: 2024-08-02T14:28:51.924Z

Reserved: 2023-04-13T13:25:18.830Z

Link: CVE-2023-30608

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-18T22:15:08.267

Modified: 2024-11-21T08:00:29.867

Link: CVE-2023-30608

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-04-19T00:00:00Z

Links: CVE-2023-30608 - Bugzilla