Inefficient Regular Expression Complexity
CVE-2023-30608
Summary
sqlparse is a non-validating SQL parser module for Python. In affected versions, the SQL parser contains a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability may lead to Denial of Service (DoS). This issue affects versions 0.1.15 through 0.4.3. Users are advised to upgrade. There are no known workarounds for this issue.
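To check a dependency list against the affected range stated above, the following added example (not part of the advisory or of sqlparse) scans requirements-style lines for sqlparse entries. The function names and sample lines are constructed for illustration; entries without an exact pin are reported as "unpinned" so the resolved version can be checked by hand.

```python
import re

# Affected range as stated in the advisory: 0.1.15 through 0.4.3, inclusive.
AFFECTED_MIN = (0, 1, 15)
AFFECTED_MAX = (0, 4, 3)

# Package name, optional [extras], optional exact pin (==X.Y.Z).
_REQ = re.compile(
    r"(?P<name>[A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*"
    r"(?:==\s*(?P<pin>\d+(?:\.\d+)*))?"
)

def parse_version(text):
    """Turn '0.4.3' into (0, 4, 3); short versions are zero-padded."""
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts)

def is_affected(version):
    """True if the version lies in the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

def scan_requirements(lines):
    """Return (line_number, pinned_version, status) per sqlparse entry."""
    findings = []
    for number, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        match = _REQ.match(line)
        if not match or match.group("name").lower() != "sqlparse":
            continue
        pinned = match.group("pin")
        if pinned is None:
            findings.append((number, None, "unpinned"))
        else:
            status = "affected" if is_affected(pinned) else "not-affected"
            findings.append((number, pinned, status))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = [
    "django==4.2",
    "sqlparse==0.4.3",
    "SQLParse == 0.1.14",
    "sqlparse>=0.2",
    "sqlparse==0.1.15  # oldest affected release",
    "# sqlparse==0.3.0 (commented out)",
]

if __name__ == "__main__":
    for finding in scan_requirements(SAMPLE):
        print(finding)
```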
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.