sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-18T21:32:11.145Z
Updated: 2024-08-02T14:28:51.924Z
Reserved: 2023-04-13T13:25:18.830Z
Link: CVE-2023-30608
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-04-18T22:15:08.267
Modified: 2024-11-21T08:00:29.867
Link: CVE-2023-30608
Redhat