
CVE-2023-30608

Published: 18/04/2023 Updated: 14/06/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issue has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.


Affected Products

sqlparse project: sqlparse

Debian: Debian Linux 10.0

Vendor Advisories

Red Hat: Synopsis: Moderate: RHUI 4.5.0 release - Security, Bug Fixes, and Enhancements. Type/Severity: Security Advisory: Moderate. Red Hat Insights patch analysis: identify and remediate systems affected by this advisory (view affected systems). Topic: An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.5 fixes seve ...

Debian Bug report logs - #1034615 sqlparse: CVE-2023-30608. Package: src:sqlparse; Maintainer for src:sqlparse is Andrii Senkovych <andrii@senkovych.com>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 19 Apr 2023 19:27:06 UTC; Severity: important; Tags: security, upstream; Found in version sqlparse/0 ...

Description: The MITRE CVE dictionary describes this issue as: sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service ( ...