VYPR
Moderate severityNVD Advisory· Published Apr 18, 2023· Updated Nov 3, 2025

Parser contains an inefficient regular expression in sqlparse

CVE-2023-30608

Description

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit c457abd5f. Users are advised to upgrade. There are no known workarounds for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
sqlparsePyPI
>= 0.1.15, < 0.4.40.4.4

Affected products

345

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.