CVE-2023-30608

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-30608
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30608.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-30608
Aliases
Related
Published
2023-04-18T22:15:08Z
Modified
2024-12-21T20:51:02.832321Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit c457abd5f. Users are advised to upgrade. There are no known workarounds for this issue.

References

Affected packages

Debian:11 / sqlparse

Package

Name
sqlparse
Purl
pkg:deb/debian/sqlparse?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.1-1+deb11u1

Affected versions

0.*

0.4.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / sqlparse

Package

Name
sqlparse
Purl
pkg:deb/debian/sqlparse?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.2-1
0.4.4-1
0.5.0-1
0.5.1-1
0.5.1-2
0.5.2-1
0.5.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / sqlparse

Package

Name
sqlparse
Purl
pkg:deb/debian/sqlparse?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.4-1

Affected versions

0.*

0.4.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/andialbrecht/sqlparse

Affected ranges

Type
GIT
Repo
https://github.com/andialbrecht/sqlparse
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.1.0
0.1.1
0.1.10
0.1.11
0.1.12
0.1.13
0.1.14
0.1.15
0.1.16
0.1.17
0.1.18
0.1.19
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.3.0
0.3.1
0.4.0
0.4.1
0.4.2
0.4.3