Lucene search

K
mageiaGentoo FoundationMGASA-2024-0185
HistoryMay 22, 2024 - 2:17 a.m.

Updated python-sqlparse packages fix security vulnerability

2024-05-2202:17:20
Gentoo Foundation
advisories.mageia.org
14
python
sqlparse
vulnerability
recursion
denial of service
unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

OSVersionArchitecturePackageVersionFilename
Mageia9noarchpython-sqlparse< 0.4.4-1.1python-sqlparse-0.4.4-1.1.mga9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%