Allocation of Resources Without Limits or Throttling Affecting sqlatypemodel package, versions [,0.5.0)


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-SQLATYPEMODEL-14894359
  • published7 Jan 2026
  • disclosed1 Jan 2026
  • creditUnknown

Introduced: 1 Jan 2026

CVE NOT AVAILABLE CWE-674  (opens in a new tab)
CWE-770  (opens in a new tab)

How to fix?

Upgrade sqlatypemodel to version 0.5.0 or higher.

Overview

sqlatypemodel is a Typed JSON fields for SQLAlchemy with automatic mutation tracking

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to uncontrolled recursion when processing deeply nested JSON-like structures. An attacker can supply specially crafted nested input that triggers excessive recursion, leading to stack exhaustion or excessive CPU usage and causing the service to crash or become unresponsive.

CVSS Base Scores

version 4.0
version 3.1