sqlparse@0.4.3 vulnerabilities

A non-validating SQL parser.

Direct Vulnerabilities

Known vulnerabilities in the sqlparse package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Uncontrolled Recursion

Affected versions of this package are vulnerable to Uncontrolled Recursion due to the parsing of heavily nested lists. An attacker can cause the application to crash by submitting a specially crafted list that triggers a RecursionError.

Note: The impact depends on the use, so anyone parsing a user input with sqlparse.parse() is affected.

How to fix Uncontrolled Recursion?

Upgrade sqlparse to version 0.5.0 or higher.

[,0.5.0)
  • H
Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to using an inefficient pattern which can cause excessive backtracking, leading to performance degradation.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade sqlparse to version 0.4.4 or higher.

[0.1.15,0.4.4)