Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
Package
python-sqlparse
(Python)
Affected versions
>=0.1.15
Patched versions
0.4.4
Description
Credits
-
erik-krogh Reporter
Impact
The SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The vulnerability may lead to Denial of Service (DoS).
Patches
This issues has been fixed in sqlparse 0.4.4.
Workarounds
None.
References
This issue was discovered and reported by GHSL team member @erik-krogh (Erik Krogh Kristensen).