3 matches found
EUVD-2026-35855
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...
CVE-2026-46374
SQLFluff (Python SQL linter/formatter) contains a Denial of Service vulnerability (CVE-2026-46374) in versions prior to 4.2.0 when untrusted users can submit long SQL queries for linting, causing resource exhaustion during parsing. The issue is triggered by the parser creating an excessive parse ...
Allocation of Resources Without Limits or Throttling
Overview sqlfluff is a The SQL Linter for Humans Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Parser, ParseContext, and Rust parser match-tree handling in the parser components. An attacker can force excessive parse-tree grow...