Vulnerability	Vulnerable Version
H Uncontrolled Recursion sqlfluffrs is a The SQL Linter for Humans Affected versions of this package are vulnerable to Uncontrolled Recursion through the `ParseContext` and parser recursion in the SQL parser components. An attacker can exhaust parser stack depth and force repeated parse failures by supplying deeply nested SQL, such as long chains of brackets or other recursive grammar constructs. This can cause parsing to crash or stall, preventing users from linting or processing affected SQL inputs. How to fix Uncontrolled Recursion? Upgrade `sqlfluffrs` to version 4.1.0 or higher.	[,4.1.0)
H Allocation of Resources Without Limits or Throttling sqlfluffrs is a The SQL Linter for Humans Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the `Parser`, `ParseContext`, and Rust parser match-tree handling in the parser components. An attacker can force excessive parse-tree growth by supplying unusually wide or expansive SQL that drives the parser to materialize an excessive number of nodes. This can exhaust CPU and memory during parsing and linting, causing the user’s SQL processing to stall or fail with an unhandled parse error. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `sqlfluffrs` to version 4.2.0 or higher.	[,4.2.0)

Uncontrolled Recursion

sqlfluffrs is a The SQL Linter for Humans

Affected versions of this package are vulnerable to Uncontrolled Recursion through the ParseContext and parser recursion in the SQL parser components. An attacker can exhaust parser stack depth and force repeated parse failures by supplying deeply nested SQL, such as long chains of brackets or other recursive grammar constructs. This can cause parsing to crash or stall, preventing users from linting or processing affected SQL inputs.

How to fix Uncontrolled Recursion?

Upgrade sqlfluffrs to version 4.1.0 or higher.

[,4.1.0)

Allocation of Resources Without Limits or Throttling

sqlfluffrs is a The SQL Linter for Humans

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Parser, ParseContext, and Rust parser match-tree handling in the parser components. An attacker can force excessive parse-tree growth by supplying unusually wide or expansive SQL that drives the parser to materialize an excessive number of nodes. This can exhaust CPU and memory during parsing and linting, causing the user’s SQL processing to stall or fail with an unhandled parse error.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade sqlfluffrs to version 4.2.0 or higher.

[,4.2.0)

Go back to all versions of this package