Lucene search
K

7 matches found

OSV
OSV
added 2026/06/09 11:16 p.m.7 views

PYSEC-2026-210

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

SQLFluff 资源管理错误漏洞

SQLFluff is an open-source SQL linter that features flexible and configurable syntax. Versions of SQLFluff prior to 4.2.0 contained a resource management vulnerability. This vulnerability stemmed from the parser’s improper handling of malicious long SQL queries, which could lead to resource...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 8:10 p.m.11 views

GHSA-73JC-5MRQ-PRW7 SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser

Impact In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to trigger a Denial of Service through resource exhaustion. Patches Versions 4.2.0 and up contain a configurable parse node...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.6 views

PT-2025-52689

Name of the Vulnerable Software and Affected Versions Hasura GraphQL version 1.3.3 Description The software is susceptible to a denial of service condition. Attackers can exploit this by sending specially crafted GraphQL queries containing deeply nested fields. These queries are designed to consu...

8.7CVSS6.7AI score0.00405EPSS
Exploits1References7
Snyk
Snyk
added 2025/11/25 8:41 p.m.2 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the querystring processing. An attacker can exhaust system resources and disrupt service availability by submitting excessively long Boolean or disjunction queries. PoC GET search "query": "querystring":...

8.3CVSS6.6AI score0.0047EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2022/08/09 12:23 p.m.10 views

mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...

5.5CVSS7.4AI score0.004EPSS
Exploits1References4
Microsoft CVE
Microsoft CVE
added 2022/02/04 8:0 a.m.5 views

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.

...

5.5CVSS7.7AI score0.004EPSS
Exploits1
Rows per page
Query Builder