sqlparse is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is caused by inefficient regular expression complexity in a regex in lexer.py, which allows an attacker to crash the application by submitting maliciously crafted input.
github.com/andialbrecht/sqlparse/blob/e75e35869473832a1eb67772b1adfee2db11b85a/sqlparse/lexer.py#L194
github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb
github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a
github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
lists.debian.org/debian-lts-announce/2023/05/msg00017.html
owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS