CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.001 Low
EPSS Percentile: 32.6%
The SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The vulnerability may lead to Denial of Service (DoS).
This issue has been fixed in sqlparse 0.4.4.
None.
This issue was discovered and reported by GHSL team member @erik-krogh (Erik Krogh Kristensen).
github.com/andialbrecht/sqlparse
github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb
github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a
github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
github.com/pypa/advisory-database/tree/main/vulns/sqlparse/PYSEC-2023-87.yaml
lists.debian.org/debian-lts-announce/2023/05/msg00017.html
nvd.nist.gov/vuln/detail/CVE-2023-30608
owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS