sqlparse is a non-validating SQL parser module for Python. In affected versions, the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This issue has been fixed in sqlparse 0.4.4 by commit c457abd5f. Users are advised to upgrade. There are no known workarounds for this issue.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.2.4-0.1ubuntu0.1", "binary_name": "pypy-sqlparse" }, { "binary_version": "0.2.4-0.1ubuntu0.1", "binary_name": "python-sqlparse" }, { "binary_version": "0.2.4-0.1ubuntu0.1", "binary_name": "python-sqlparse-doc" }, { "binary_version": "0.2.4-0.1ubuntu0.1", "binary_name": "python3-sqlparse" }, { "binary_version": "0.2.4-0.1ubuntu0.1", "binary_name": "sqlformat" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.2.4-3ubuntu0.1", "binary_name": "pypy-sqlparse" }, { "binary_version": "0.2.4-3ubuntu0.1", "binary_name": "python-sqlparse-doc" }, { "binary_version": "0.2.4-3ubuntu0.1", "binary_name": "python3-sqlparse" }, { "binary_version": "0.2.4-3ubuntu0.1", "binary_name": "sqlformat" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.4.2-1ubuntu0.22.04.1", "binary_name": "python-sqlparse-doc" }, { "binary_version": "0.4.2-1ubuntu0.22.04.1", "binary_name": "python3-sqlparse" }, { "binary_version": "0.4.2-1ubuntu0.22.04.1", "binary_name": "sqlformat" } ] }