PYSEC-2026-210

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/sqlfluff/PYSEC-2026-210.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-210
Aliases
Published
2026-06-09T23:16:59.313Z
Modified
2026-06-13T10:45:05.231816283Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to trigger a Denial of Service through resource exhaustion. This issue has been patched in version 4.2.0.

References

Affected packages

PyPI / sqlfluff

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.0

Affected versions

0.*
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.9
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.3.0
0.3.1
0.3.2
0.3.2.post1
0.3.2.post2
0.3.3
0.3.4
0.3.5
0.3.6
0.4.0a1
0.4.0a2
0.4.0a3
0.4.0
0.4.1
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.6.0a1
0.6.0a2
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0a1
0.7.0a2
0.7.0a3
0.7.0a5
0.7.0a8
0.7.0
0.7.1
0.8.0
0.8.1
0.8.2
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.10.0
0.10.1
0.11.0
0.11.1
0.11.2
0.12.0
0.13.0
0.13.1
0.13.2
1.*
1.0.0
1.1.0
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
2.*
2.0.0a1
2.0.0a2
2.0.0a3
2.0.0a4
2.0.0a5
2.0.0a6
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
3.*
3.0.0a1
3.0.0a2
3.0.0a3
3.0.0a4
3.0.0a5
3.0.0a6
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.1.0
3.1.1
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.3.0
3.3.1
3.4.0
3.4.1
3.4.2
3.5.0
4.*
4.0.0a1
4.0.0a2
4.0.0a3
4.0.0
4.0.1.post1
4.0.3
4.0.4a1
4.0.4
4.1.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/sqlfluff/PYSEC-2026-210.yaml"