Safety CI > igoraserpac/learning-django

pyup-scheduled-update-2024-05-06

2 years ago

56d14ed5

Update sqlparse from 0.4.4 to 0.5.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-05-06

2 years ago

7e9f4869

Update sentry-sdk from 1.37.1 to 2.1.1

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

b7a3628a

Update s3transfer from 0.8.0 to 0.10.1

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

09ef8ad6

Update python-dateutil from 2.8.2 to 2.9.0.post0

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

b9856c80

Update pytest-django from 4.7.0 to 4.8.0

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

05248a87

Update pytest from 7.4.3 to 8.2.0

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

bbd71422

Update pygments from 2.17.2 to 2.18.0

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

6e235011

Update prompt-toolkit from 3.0.41 to 3.0.43

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

98e51324

Update pluggy from 1.3.0 to 1.5.0

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

b2666587

Update parso from 0.8.3 to 0.8.4

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

f206e324

Update packaging from 23.2 to 24.0

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

320688a4

Update matplotlib-inline from 0.1.6 to 0.1.7

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

481f49dd

Update model-bakery from 1.17.0 to 1.18.0

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

ff0cf7fe

Update ipython from 8.18.1 to 8.24.0

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-scheduled-update-2024-05-06

2 years ago

ba45bb79

Update idna from 3.6 to 3.7

sqlparse 0.4.4 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.4	<0.5.4	show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.
sqlparse	0.4.4	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.4	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.4

<0.5.4

show

Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs.

sqlparse

0.4.4

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.4

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.