ID CVE-2023-30608
Summary sqlparse is a non-validating SQL parser module for Python. In affected versions, the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issue has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.
Vulnerable Configurations
  • cpe:2.3:a:sqlparse_project:sqlparse:0.1.15:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.1.16:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.1.17:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.1.18:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.1.19:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.2.0:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.2.1:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.2.2:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.2.3:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.2.4:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.3.0:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.3.1:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.4.0:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.4.1:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.4.2:*:*:*:*:python:*:*
  • cpe:2.3:a:sqlparse_project:sqlparse:0.4.3:*:*:*:*:python:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: None
CWE CWE-1333
Last major update 14-06-2023 - 18:14
Published 18-04-2023 - 22:15
Last modified 14-06-2023 - 18:14