
Inefficient Regular Expression Complexity

CVE-2023-30608

Severity High
Score 7.5/10

Summary

sqlparse is a non-validating SQL parser module for Python. In affected versions, the SQL parser contains a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability may lead to Denial of Service (DoS). This issue affects versions 0.1.15 through 0.4.3. Users are advised to upgrade. There are no known workarounds for this issue.
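Since upgrading is the only remediation, the first defensive step is to find installations inside the affected range. The following check is an added example, not code from the advisory or from the sqlparse project; it compares a version string against the advisory's stated range (0.1.15 through 0.4.3, inclusive) using only the standard library, and the `check_installed` helper name is an assumption of this example.

```python
"""Added example: flag a sqlparse version in the range affected by
CVE-2023-30608 (0.1.15 through 0.4.3, per the advisory summary)."""
import re
from importlib import metadata

AFFECTED_MIN = "0.1.15"  # first affected release, from the advisory
AFFECTED_MAX = "0.4.3"   # last affected release, from the advisory


def parse_version(version: str) -> tuple:
    """Return the leading dotted numeric part of a version as an int tuple.

    Pre-release or local suffixes ("0.4.4rc1", "0.4.3+local") are ignored;
    this is deliberately simpler than PEP 440 and only needs to order the
    release numbers that the advisory range is expressed in.
    """
    match = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not match:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version: str) -> bool:
    """True when `version` falls inside AFFECTED_MIN..AFFECTED_MAX inclusive."""
    v = parse_version(version)
    lo, hi = parse_version(AFFECTED_MIN), parse_version(AFFECTED_MAX)
    width = max(len(v), len(lo), len(hi))

    def pad(t: tuple) -> tuple:
        # Right-pad with zeros so "0.2" compares as 0.2.0 against 0.1.15.
        return t + (0,) * (width - len(t))

    return pad(lo) <= pad(v) <= pad(hi)


def check_installed(dist: str = "sqlparse"):
    """Look up the installed distribution; None if it is not installed.

    Returns (version, affected) otherwise, so callers can fail a build or
    raise an alert when `affected` is True.
    """
    try:
        installed = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None
    return installed, is_affected(installed)


if __name__ == "__main__":
    print(check_installed() or "sqlparse is not installed in this environment")
```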

CVSS v3 metrics (in the order listed on the page):

  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • User Interaction: NONE
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: HIGH

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Advisory Timeline

  • Published