129 matches found
ROS-20260525-73-0001
Vulnerability in python-sqlparse related to insufficient control of a resource while it exists. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Astra Linux - vulnerability in sqlparse
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This...
GHSA-27JP-WM6Q-GP25 sqlparse: formatting list of tuples leads to denial of service
Summary The below gist hangs while attempting to format a long list of tuples. This was found while drafting a regression test for Django 5.2's composite primary key feature, which allows querying composite fields with tuples...
sqlparse: formatting list of tuples leads to denial of service
Summary The below gist hangs while attempting to format a long list of tuples. This was found while drafting a regression test for Django 5.2's composite primary key feature, which allows querying composite fields with tuples...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via algorithmic complexity in the SQL parsing logic. The parser fails to enforce limits when handling deeply nested tuples or unusually large token sequences, allowing an attacker to...
acryl-datahub-gx-plugin (>=0.14.0.3 <=0.15.0rc15), agnostic (=1.0.3) +547 more potentially affected by CVE-2024-4340 via sqlparse (>=0.1.14 <=0.5.3)
sqlparse PYPI version =0.1.14, =0.14.0.3, =0.2.0, =0.0.1, =0.1.0, =2.0.0, =0.8.0, =0.0.1a0, =0.0.36, =2.1.1.3, =1.0.0, =1.0.2 and more Source cves: CVE-2024-4340 Source advisory: SNYK:PYTHON-SQLPARSE-14157217...
[SECURITY] Fedora 42 Update: python-sqlparse-0.4.2-14.fc42
sqlparse is a tool for parsing SQL strings. It can generate pretty-printed renderings of SQL in various formats. It is a python module, together with a command-line tool...
Fedora: Security Advisory (FEDORA-2025-d2d3a5fa79)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 42 : python-sqlparse (2025-d2d3a5fa79)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d2d3a5fa79 advisory. This update backports the upstream fixes for CVE-2023-30608 and CVE-2024-4340. It also enables the test suite and corrects the SPDX license...
EUVD-2021-0250
Malware in sbrugna...
EUVD-2023-0243
Malicious code in bioql PyPI...
Security Bulletin: Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
Summary Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. Vulnerability Details CVEID:CVE-2024-4340 DESCRIPTION: Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. CWE:CWE-674: Uncontrolled Recursio...
sqlparse: parsing heavily nested list leads to denial of service
A flaw was found in sqlparse. This issue occurs in a heavily nested list in sqlparse.parse, where a recursion error may be triggered, which can lead to a denial of service...
TencentOS Server 4: python-sqlparse (TSSA-2024:0917)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0917 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
sqlparse: parsing heavily nested list leads to denial of service
A flaw was found in sqlparse. This issue occurs in a heavily nested list in sqlparse.parse, where a recursion error may be triggered, which can lead to a denial of service...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to sqlparse-0.4.4-py3-none-any.whl CVE-2024-4340
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to sqlparse-0.4.4-py3-none-any.whl CVE-2024-4340. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4340 DESCRIPTION: sqlparse is vulnerable to a denial of service,...
Security Bulletin: sqlparse Vulnerability Affects IBM Data Observability by Databand Self-Hosted (CVE-2024-4340)
Summary A vulnerability in sqlparse was addressed in IBM Data Observability by Databand Self-Hosted Vulnerability Details CVEID:CVE-2024-4340 DESCRIPTION: sqlparse is vulnerable to a denial of service, caused by a flaw when passing a heavily nested list to the parse function. By sending a special...
ROS-20250121-01
A vulnerability in the sqlparse.parse function of the SQL parser module for Python Sqlparse is related to uncontrolled recursion when processing a highly nested list. Exploiting the vulnerability allows an attacker, acting remotely, to cause a denia...
Debian: Security Advisory (DLA-4000-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 4000-1] sqlparse security update
Debian LTS Advisory DLA-4000-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin December 21, 2024 https://wiki.debian.org/LTS Package : sqlparse Version : 0.4.1-1+deb11u1 CVE ID : CVE-2021-32839 CVE-2023-30608 CVE-2024-4340 Debian Bug : 994841 1034615 1070148 Multip...