pyup-update-regex-2022.9.13-to-2025.9.18
7 months, 3 weeks ago
Update regex from 2022.9.13 to 2025.9.18
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-pytest-7.1.3-to-8.4.2
8 months, 1 week ago
Update pytest from 7.1.3 to 8.4.2
sqlparse 0.4.3 and regex 2022.9.13 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
| regex | 2022.9.13 | <2025.2.10 |
show Affected versions of this package are potentially vulnerable to Regular Expression Denial of Service (ReDoS) due to catastrophic backtracking in the V1 engine when processing patterns that combine full‑casefolding with the [\s\S]* quantifier. The engine’s AnyAll node fails to prevent nested quantifier backtracking, leading to infinite loops and CPU exhaustion. |
pyup-update-regex-2022.9.13-to-2025.9.1
8 months, 1 week ago
Update regex from 2022.9.13 to 2025.9.1
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-regex-2022.9.13-to-2025.8.29
8 months, 2 weeks ago
Update regex from 2022.9.13 to 2025.8.29
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-typing-extensions-4.4.0-to-4.15.0
8 months, 2 weeks ago
Update typing-extensions from 4.4.0 to 4.15.0
sqlparse 0.4.3 and regex 2022.9.13 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
| regex | 2022.9.13 | <2025.2.10 |
show Affected versions of this package are potentially vulnerable to Regular Expression Denial of Service (ReDoS) due to catastrophic backtracking in the V1 engine when processing patterns that combine full‑casefolding with the [\s\S]* quantifier. The engine’s AnyAll node fails to prevent nested quantifier backtracking, leading to infinite loops and CPU exhaustion. |
pyup-update-regex-2022.9.13-to-2025.7.34
9 months, 2 weeks ago
Update regex from 2022.9.13 to 2025.7.34
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-regex-2022.9.13-to-2025.7.33
9 months, 2 weeks ago
Update regex from 2022.9.13 to 2025.7.33
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-regex-2022.9.13-to-2025.7.31
9 months, 2 weeks ago
Update regex from 2022.9.13 to 2025.7.31
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-regex-2022.9.13-to-2025.7.29
9 months, 2 weeks ago
Update regex from 2022.9.13 to 2025.7.29
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-typing-extensions-4.4.0-to-4.14.1
10 months, 1 week ago
Update typing-extensions from 4.4.0 to 4.14.1
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-pytest-7.1.3-to-8.4.1
10 months, 3 weeks ago
Update pytest from 7.1.3 to 8.4.1
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-pytest-7.1.3-to-8.4.0
11 months, 1 week ago
Update pytest from 7.1.3 to 8.4.0
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-typing-extensions-4.4.0-to-4.14.0
11 months, 1 week ago
Update typing-extensions from 4.4.0 to 4.14.0
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-typing-extensions-4.4.0-to-4.13.2
1 year, 1 month ago
Update typing-extensions from 4.4.0 to 4.13.2
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-typing-extensions-4.4.0-to-4.13.1
1 year, 1 month ago
Update typing-extensions from 4.4.0 to 4.13.1
sqlparse 0.4.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of the sqlparse package are vulnerable to Denial of Service (DoS) due to missing hard limits on token grouping recursion depth and token processing when formatting very large SQL tuple lists. During sqlparse.format() processing, the sqlparse.engine.grouping._group_matching() and sqlparse.engine.grouping._group() functions can recurse and iterate over excessively large tlist.tokens without enforcing MAX_GROUPING_DEPTH or MAX_GROUPING_TOKENS, allowing grouping work to grow until it effectively hangs. |
| sqlparse | 0.4.3 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.3 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.3 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
Python 3 badge
URL
https://pyup.io/repos/github/laowantong/paroxython/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/laowantong/paroxython/)
Restructured Text
.. image:: https://pyup.io/repos/github/laowantong/paroxython/python-3-shield.svg
:target: https://pyup.io/repos/github/laowantong/paroxython/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/laowantong/paroxython/"><img src="https://pyup.io/repos/github/laowantong/paroxython/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/laowantong/paroxython/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/laowantong/paroxython/
RDoc
{<img src="https://pyup.io/repos/github/laowantong/paroxython/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/laowantong/paroxython/]
pyup.io badge
URL
https://pyup.io/repos/github/laowantong/paroxython/shield.svg
Markdown
[](https://pyup.io/repos/github/laowantong/paroxython/)
Restructured Text
.. image:: https://pyup.io/repos/github/laowantong/paroxython/shield.svg
:target: https://pyup.io/repos/github/laowantong/paroxython/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/laowantong/paroxython/"><img src="https://pyup.io/repos/github/laowantong/paroxython/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/laowantong/paroxython/shield.svg(Updates)!:https://pyup.io/repos/github/laowantong/paroxython/
RDoc
{<img src="https://pyup.io/repos/github/laowantong/paroxython/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/laowantong/paroxython/]