Allocation of Resources Without Limits or Throttling Affecting sqlatypemodel package, versions [,0.5.0)

Q: How to fix?

Upgrade sqlatypemodel to version 0.5.0 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-PYTHON-SQLATYPEMODEL-14894359
published7 Jan 2026
disclosed1 Jan 2026
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 1 Jan 2026

CWE-674 (opens in a new tab) CWE-770 (opens in a new tab)

How to fix?

Upgrade sqlatypemodel to version 0.5.0 or higher.

Overview

sqlatypemodel is a Typed JSON fields for SQLAlchemy with automatic mutation tracking

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to uncontrolled recursion when processing deeply nested JSON-like structures. An attacker can supply specially crafted nested input that triggers excessive recursion, leading to stack exhaustion or excessive CPU usage and causing the service to crash or become unresponsive.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
Passive

Confidentiality (VC)
None
Integrity (VI)
None
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None