CVE-2023-30608

CVSS V2 None CVSS V3 None

Description

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.

Overview

CVE ID
CVE-2023-30608

Assigner
security-advisories@github.com

Vulnerability Status
Undergoing Analysis

Published Version
2023-04-18T22:15:08

Last Modified Date
2023-04-19T12:39:47

Weakness Enumerations

CWE	URL
CWE-1333	http://cwe.mitre.org/data/definitions/1333.html

References

Reference URL	Reference Tags
https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb
https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-30608
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30608

History

Created	Old Value	New Value	Data Type	Notes
2023-04-19 00:01:39				Added to TrackCVE
2023-04-19 00:01:39			Weakness Enumeration	new
2023-04-19 13:00:48		2023-04-19T12:39:47	CVE Modified Date	updated
2023-04-19 13:00:48	Received	Awaiting Analysis	Vulnerability Status	updated
2023-04-25 17:01:10	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated