CVE-2021-32839

Uncontrolled Resource Consumption in pypi/sqlparse

Identifier

CVE-2021-32839

Package Slug

pypi/sqlparse

Vulnerability

Uncontrolled Resource Consumption

Description

sqlparse is a non-validating SQL parser module for Python. There is a Regular Expression Denial of Service (ReDoS) vulnerability in sqlparse. The regular expression may cause exponential backtracking on strings containing many repetitions of in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression.

Affected Versions

All versions starting from 0.4.0 before 0.4.2

Solution

Upgrade to version 0.4.2 or above.
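A quick way to act on the affected range and the fix version above is a version check against the installed package. The following is an added example, not code from the advisory or from the sqlparse project; it assumes a simplified X.Y.Z version parser (pre-release suffixes such as "rc1" are dropped, so treat those results as approximate) and uses the standard library's importlib.metadata to read the installed version when sqlparse is present.

```python
# Added example (not from the advisory or the sqlparse project): decide whether a
# sqlparse version falls in the range the advisory lists as affected
# (>= 0.4.0, < 0.4.2) and report the installed version, if any.
from importlib import metadata

AFFECTED_FROM = (0, 4, 0)  # first affected release, per the advisory
FIXED_IN = (0, 4, 2)       # first fixed release, per the advisory


def parse_version(text):
    """Turn '0.4.1' into (0, 4, 1).

    Simplified parser (assumption): numeric dot-separated components only;
    a trailing non-numeric suffix such as 'rc1' or 'dev0' is ignored, so
    '0.4.2.dev0' compares as 0.4.2. Good enough for sqlparse's plain tags.
    """
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break  # stop at the first non-numeric component
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)  # pad '0.4' to (0, 4, 0)
    return tuple(parts[:3])


def is_affected(version_text):
    """True when the version lies in [AFFECTED_FROM, FIXED_IN)."""
    return AFFECTED_FROM <= parse_version(version_text) < FIXED_IN


def installed_sqlparse_version():
    """Return the installed sqlparse version string, or None if not installed."""
    try:
        return metadata.version("sqlparse")
    except metadata.PackageNotFoundError:
        return None


def report(version_text=None):
    """Build a one-line status for the given (or installed) version."""
    if version_text is None:
        version_text = installed_sqlparse_version()
    if version_text is None:
        return "sqlparse is not installed; CVE-2021-32839 does not apply"
    if is_affected(version_text):
        return (f"sqlparse {version_text} is affected by CVE-2021-32839; "
                f"upgrade to {'.'.join(map(str, FIXED_IN))} or above")
    return f"sqlparse {version_text} is not in the affected range"


if __name__ == "__main__":
    print(report())
```

Only the comment-stripping formatter is exposed, so an affected version that never calls it is at lower risk; the range check still flags it, because the upgrade is the supported fix.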

Last Modified

2021-10-01
