The below gist hangs while attempting to format a long list of tuples. This was found while drafting a regression test for Dja ngo 5.2's composite primary key feature, which allows querying composite fields with tuples.
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2m57-hf25-phgg. This link is maintained to preserve external references. Original Description Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
This advisory duplicates another.
The SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The vulnerability may lead to Denial of Service (DoS).
The formatter function that strips comments from a SQL contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments.