Allocation of Resources Without Limits or Throttling Affecting sqlparse package, versions [,0.5.4)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Allocation of Resources Without Limits or Throttling vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-PYTHON-SQLPARSE-14157217
- published3 Dec 2025
- disclosed2 Dec 2025
- creditUnknown
Introduced: 2 Dec 2025
New CVE NOT AVAILABLE CWE-770 (opens in a new tab)How to fix?
Upgrade sqlparse to version 0.5.4 or higher.
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via algorithmic complexity in the SQL parsing logic. The parser fails to enforce limits when handling deeply nested tuples or unusually large token sequences, allowing an attacker to submit crafted SQL statements with extreme nesting depth or token counts. This causes excessive CPU and memory consumption, leading to service slowdown or outage.
Note: This vulnerability exists due to an incomplete fix for CVE-2024-4340.