This repository has been archived by the owner on May 22, 2024. It is now read-only.

[Snyk:High] Sqlparse (Due 05/17/24) #851

Open
1 task
tmpayton opened this issue Apr 17, 2024 · 0 comments
Labels: Security: high Remediate within 30 days

Comments

@tmpayton
Contributor

Introduced through
[email protected], [email protected] and others

Fixed in
[email protected]

Exploit maturity
PROOF OF CONCEPT

Detailed paths and remediation
Introduced through: [email protected][email protected][email protected]
Fix: Pin sqlparse to version 0.5.0
Introduced through: [email protected][email protected][email protected][email protected]
Fix: Pin sqlparse to version 0.5.0
Introduced through: [email protected][email protected][email protected][email protected][email protected][email protected]
Fix: Pin sqlparse to version 0.5.0
Security information
Factors contributing to the scoring:
Snyk: CVSS 7.5 - High Severity

NVD: NVD only publishes analysis of vulnerabilities which are assigned a CVE ID. This vulnerability currently does not have an assigned CVE ID.
Overview
Affected versions of this package are vulnerable to Uncontrolled Recursion due to the parsing of heavily nested lists. An attacker can cause the application to crash by submitting a specially crafted list that triggers a RecursionError.

Note: The impact depends on the use, so anyone parsing user input with sqlparse.parse() is affected.

Completion Criteria

  • upgrade sqlparse to v0.5.0
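A defensive guard for the sqlparse.parse() usage described above, as an added example that is not part of this issue or of the sqlparse project. It assumes only that the application hands user-supplied SQL text to sqlparse.parse(); the names MAX_NESTING, is_patched, max_paren_depth and safe_parse are introduced here for illustration, and the 0.5.0 threshold comes from the advisory's "Fixed in" line. Until the pin is in place it lets the application reject over-nested input before the parser sees it and turn a RecursionError into a clean rejection instead of a crash.

```python
"""Guard untrusted SQL text before it reaches sqlparse.parse().

Added example, not code from the issue or from sqlparse. Assumes the
application parses user-supplied SQL and can tolerate rejecting inputs
whose parenthesis nesting exceeds MAX_NESTING (an assumed, tunable limit).
"""

# Assumed application limit: legitimate SQL rarely nests this deeply.
MAX_NESTING = 50
# Fixed release named in the advisory above.
FIXED_VERSION = (0, 5, 0)


def version_tuple(version: str) -> tuple:
    """Turn '0.4.4' into (0, 4, 4). Non-numeric suffixes such as 'rc1' are
    dropped, so a pre-release of the fixed version counts as fixed here."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_patched(version: str) -> bool:
    """True when the installed sqlparse is at or above the fixed release."""
    return version_tuple(version) >= FIXED_VERSION


def max_paren_depth(sql: str) -> int:
    """Deepest parenthesis nesting in the statement. String literals, quoted
    identifiers and comments are skipped so a '(' inside them is not counted."""
    depth = max_depth = 0
    i, n = 0, len(sql)
    while i < n:
        ch = sql[i]
        if ch in ("'", '"', "`"):          # string literal / quoted identifier
            quote = ch
            i += 1
            while i < n and sql[i] != quote:
                i += 1
        elif sql.startswith("--", i):       # line comment
            while i < n and sql[i] != "\n":
                i += 1
        elif sql.startswith("/*", i):       # block comment
            end = sql.find("*/", i + 2)
            i = n if end == -1 else end + 1
        elif ch == "(":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch == ")":
            depth = max(depth - 1, 0)       # tolerate unbalanced input
        i += 1
    return max_depth


def safe_parse(sql: str, parser, max_nesting: int = MAX_NESTING):
    """Reject over-nested input before calling the parser, and convert a
    RecursionError raised inside the parser into a rejection rather than an
    uncaught crash. Returns (result, None) on success or (None, reason)."""
    depth = max_paren_depth(sql)
    if depth > max_nesting:
        return None, f"rejected: nesting depth {depth} exceeds {max_nesting}"
    try:
        return parser(sql), None
    except RecursionError:
        return None, "rejected: parser hit recursion limit"


if __name__ == "__main__":
    try:
        import sqlparse
        print("sqlparse", sqlparse.__version__, "patched:",
              is_patched(sqlparse.__version__))
        parser = sqlparse.parse
    except ImportError:
        parser = lambda s: s              # stand-in when sqlparse is absent
    # Constructed inputs: a normal statement and a heavily nested one.
    print(safe_parse("SELECT (a + (b * c)) FROM t", parser))
    print(safe_parse("SELECT " + "(" * 200 + "1" + ")" * 200, parser))
```

The depth pre-check is the part that matters operationally: it rejects the input with a bounded amount of work and a loggable reason, whereas catching RecursionError alone still lets the parser spend the full recursion budget first. The version check is there so a deployment can assert at startup that the pin from the completion criteria actually took effect.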
@tmpayton tmpayton added the Security: high Remediate within 30 days label Apr 17, 2024
@tmpayton tmpayton added this to the 24.i milestone Apr 17, 2024
@tmpayton tmpayton moved this to 🗄️ PI backlog in Website project Apr 17, 2024
@JonellaCulmer JonellaCulmer moved this from 🗄️ PI backlog to 📥 Assigned in Website project May 9, 2024
@JonellaCulmer JonellaCulmer modified the milestones: 24.i, 25.1 May 15, 2024
Projects: Archived in project
Development: No branches or pull requests
2 participants