Andialbrecht Sqlparse vulnerabilities
2 known vulnerabilities affecting andialbrecht/sqlparse.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2023-30608HIGHCVSS 7.5v>= 0.1.15, < 0.4.42023-04-18
CVE-2023-30608 [HIGH] CWE-1333 CVE-2023-30608: sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser conta
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c
nvd
CVE-2021-32839HIGHCVSS 7.5v>= 0.4.0, < 0.4.22021-09-20
CVE-2021-32839 [HIGH] CWE-400 CVE-2021-32839: sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 ther
sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the formatting feature that removes comments from SQL
nvd