This repository has been archived by the owner on May 22, 2024. It is now read-only.
Fix: Pin sqlparse to version 0.5.0
Security information
Factors contributing to the scoring:
Snyk: CVSS 7.5 - High Severity
NVD: NVD only publishes analysis of vulnerabilities which are assigned a CVE ID. This vulnerability currently does not have an assigned CVE ID.
Overview
Affected versions of this package are vulnerable to Uncontrolled Recursion due to the parsing of heavily nested lists. An attacker can cause the application to crash by submitting a specially crafted list that triggers a RecursionError.
Note: The impact depends on the use, so anyone parsing user input with sqlparse.parse() is affected.
Completion Criteria
Upgrade sqlparse to v0.5.0
Introduced through
[email protected], [email protected] and others
Fixed in
[email protected]
Exploit maturity
PROOF OF CONCEPT
Detailed paths and remediation
Introduced through: [email protected] › [email protected] › [email protected]
Fix: Pin sqlparse to version 0.5.0
Introduced through: [email protected] › [email protected] › [email protected] › [email protected]
Fix: Pin sqlparse to version 0.5.0
Introduced through: [email protected] › [email protected] › [email protected] › [email protected] › [email protected] › [email protected]
Fix: Pin sqlparse to version 0.5.0
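One way to verify the completion criterion and to contain the RecursionError on user input until the upgrade lands, as an added example (not code from this repository or from Snyk). The requirements text is a constructed sample, and `audit_requirements`, `installed_is_fixed` and `guarded_parse` are hypothetical helper names.

```python
import re
from importlib import metadata

FIXED = (0, 5, 0)  # fixed release named in the issue above
REQ = re.compile(r"(?i)^sqlparse(?![\w.-])\s*([^;]*)")

def vtuple(version):
    """'0.4.4' -> (0, 4, 4); missing components count as 0."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def audit_requirements(text):
    """Return (line_no, verdict) for every sqlparse line in a requirements file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = REQ.match(raw.split("#", 1)[0].strip())  # drop trailing comments
        if not m:
            continue
        pin = re.fullmatch(r"==\s*(\d+(?:\.\d+)*)", m.group(1).strip())
        if not pin:
            verdict = "no exact pin"      # a range may still resolve below 0.5.0
        elif vtuple(pin.group(1)) >= FIXED:
            verdict = "ok"
        else:
            verdict = "vulnerable pin"
        findings.append((no, verdict))
    return findings

def installed_is_fixed(dist="sqlparse"):
    """True/False for the installed release, None if the package is absent."""
    try:
        return vtuple(metadata.version(dist)) >= FIXED
    except metadata.PackageNotFoundError:
        return None

def guarded_parse(sql, parse):
    """Run parse(sql) (for example sqlparse.parse) on untrusted input and turn
    the RecursionError described above into an error the caller can reject."""
    try:
        return parse(sql)
    except RecursionError:
        raise ValueError("statement rejected: nesting too deep to parse") from None

# Constructed sample, not taken from the repository.
SAMPLE = """\
django==4.2
sqlparse==0.4.4
sqlparse==0.5.0
sqlparse>=0.4
"""
```

The wrapper is defence in depth for code paths that parse user input; it does not replace the pin to 0.5.0.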