sqlparse@0.4.2 vulnerabilities
A non-validating SQL parser.
-
latest version
0.5.0
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
a month ago
-
licenses detected
- [0.4.0,0.4.4)
Direct Vulnerabilities
Known vulnerabilities in the sqlparse package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Uncontrolled Recursion due to the parsing of heavily nested lists. An attacker can cause the application to crash by submitting a specially crafted list that triggers a Note:
The impact depends on the use, so anyone parsing a user input with How to fix Uncontrolled Recursion? Upgrade |
[,0.5.0)
|
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to using an inefficient pattern which can cause excessive backtracking, leading to performance degradation. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
[0.1.15,0.4.4)
|