
We found results for “”
CVE-2023-30608
Good to know:


Date: April 18, 2023
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit "e75e358". The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit "c457abd5f". Users are advised to upgrade. There are no known workarounds for this issue.
Language: Python
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Inefficient Regular Expression Complexity
CWE-1333Top Fix

CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |