pysec-2023-87
Vulnerability from pysec
Published
2023-04-18 22:15
Modified
2023-06-14 20:24
Details
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358
. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit c457abd5f
. Users are advised to upgrade. There are no known workarounds for this issue.
Aliases
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "sqlparse", "purl": "pkg:pypi/sqlparse" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "c457abd5f097dd13fb21543381e7cfafe7d31cfb" }, { "fixed": "e75e35869473832a1eb67772b1adfee2db11b85a" } ], "repo": "https://github.com/andialbrecht/sqlparse", "type": "GIT" }, { "events": [ { "introduced": "0.1.15" }, { "fixed": "0.4.4" } ], "type": "ECOSYSTEM" } ], "versions": [ "0.1.15", "0.1.16", "0.1.17", "0.1.18", "0.1.19", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.3.0", "0.3.1", "0.4.0", "0.4.1", "0.4.2", "0.4.3" ] } ], "aliases": [ "CVE-2023-30608", "GHSA-rrm6-wvj7-cwh2" ], "details": "sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.\n", "id": "PYSEC-2023-87", "modified": "2023-06-14T20:24:17.342510Z", "published": "2023-04-18T22:15:00Z", "references": [ { "type": "FIX", "url": "https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2" }, { "type": "ADVISORY", "url": "https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2" }, { "type": "WEB", "url": "https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS" }, { "type": "FIX", "url": "https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb" }, { "type": "FIX", "url": "https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a" }, { "type": "ARTICLE", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00017.html" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00017.html" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.