The SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The vulnerability may lead to Denial of Service (DoS).
This issue has been fixed in sqlparse 0.4.4.
None.
This issue was discovered and reported by GHSL team member @erik-krogh (Erik Krogh Kristensen).
- Commit that introduced the vulnerability: e75e35869473832a1eb67772b1adfee2db11b85a
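One way to check a dependency list against the fixed release named above. This is an added example, not code from the advisory or from sqlparse. It assumes pip-style requirement lines with plain numeric versions; the function names and the sample requirements are constructed for illustration.

```python
import re

FIXED = (0, 4, 4)  # first patched release, per the advisory

# "sqlparse", optional extras, then specifiers; markers (";") and comments ("#") are ignored
REQ_RE = re.compile(r"^\s*sqlparse(?![\w.-])\s*(\[[^\]]*\])?\s*([^;#]*)", re.IGNORECASE)
SPEC_RE = re.compile(r"(==|>=|<=|~=|!=|>|<)\s*([0-9]+(?:\.[0-9]+)*)")


def vtuple(text):
    """'0.4' -> (0, 4, 0) so that versions compare as tuples."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def allows_unpatched(line):
    """None if the line is not a sqlparse requirement,
    True if it permits a release older than FIXED, else False."""
    m = REQ_RE.match(line)
    if not m:
        return None
    floor = None  # highest lower bound found among the specifiers
    for op, ver in SPEC_RE.findall(m.group(2)):
        # ">" is treated like ">=": conservative, may over-report by one release
        if op in ("==", ">=", "~=", ">"):
            v = vtuple(ver)
            floor = v if floor is None else max(floor, v)
    # No lower bound at all (unpinned, or only "<" / "!=") also permits old releases
    return floor is None or floor < FIXED


def scan(lines):
    """Return (line_number, text) for every line that permits an unpatched sqlparse."""
    return [(n, l.strip()) for n, l in enumerate(lines, 1) if allows_unpatched(l)]


# Constructed sample input, not taken from any real project
SAMPLE = """\
# constructed requirements file
django==4.2
sqlparse==0.4.3
sqlparse>=0.4.4
sqlparse-extra==0.1
sqlparse~=0.4.0  # compatible release
""".splitlines()

if __name__ == "__main__":
    for number, text in scan(SAMPLE):
        print(f"line {number}: {text} permits sqlparse < 0.4.4")
```

A range such as `~=0.4.0` is reported because a resolver may still select a release below 0.4.4, even if the latest matching release is patched.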
{ "nvd_published_at": "2023-04-18T22:15:08Z", "cwe_ids": [ "CWE-1333" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-04-21T20:24:21Z" }