Debian Sqlparse vulnerabilities

CVE-2024-4340 [HIGH] CVE-2024-4340: sqlparse - Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service d... Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. Scope: local bookworm: resolved (fixed in 0.4.2-1+deb12u1) bullseye: resolved (fixed in 0.4.1-1+deb11u1) forky: resolved (fixed in 0.5.0-1) sid: resolved (fixed in 0.5.0-1) trixie: resolved (fixed in 0.5.0-1)

CVE-2023-30608 [MEDIUM] CVE-2023-30608: sqlparse - sqlparse is a non-validating SQL parser module for Python. In affected versions ... sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Us

CVE-2021-32839 [HIGH] CVE-2021-32839: sqlparse - sqlparse is a non-validating SQL parser module for Python. In sqlparse versions ... sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is