漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Parser contains an inefficient regular expression in sqlparse
Vulnerability Description
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
CWE-1333
Vulnerability Title
sqlparse 安全漏洞
Vulnerability Description
sqlparse是 Python 的非验证 SQL 解析器。它提供对 SQL 语句的解析、拆分和格式化的支持。 sqlparse 0.1.15版本及之后版本存在安全漏洞。攻击者利用该漏洞导致系统拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A