Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Regular Expression Denial of Service in sqlparse
Vulnerability Description
sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround don't use the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. The issues has been fixed in sqlparse 0.4.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
sqlparse 资源管理错误漏洞
Vulnerability Description
sqlparse是 Python 的非验证 SQL 解析器。它提供对 SQL 语句的解析、拆分和格式化的支持。 sqlparse 0.4.0 和 0.4.1 版本中存在资源管理错误漏洞,该漏洞允许攻击者进行ReDoS(正则表达式拒绝服务)的攻击。
CVSS Information
N/A
Vulnerability Type
N/A