GHSA-62qf-jcq8-8gxw: Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service

April 30, 2024 (updated May 1, 2024)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-2m57-hf25-phgg. This link is maintained to preserve external references.

Original Description

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

References

github.com/advisories/GHSA-2m57-hf25-phgg
github.com/advisories/GHSA-62qf-jcq8-8gxw
github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03
nvd.nist.gov/vuln/detail/CVE-2024-4340
research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292

Detect and mitigate GHSA-62qf-jcq8-8gxw with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →