Safety CI > laowantong/paroxython

pyup-update-regex-2022.9.13-to-2023.5.5

2 years, 8 months ago

ce843c45

Update regex from 2022.9.13 to 2023.5.5

sqlparse 0.4.3 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.3	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.3	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.
sqlparse	0.4.3	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

Package

Installed

Affected

Info

sqlparse

0.4.3

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.3

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

sqlparse

0.4.3

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

pyup-update-sqlparse-0.4.3-to-0.4.4

2 years, 8 months ago

c7e496df

Update sqlparse from 0.4.3 to 0.4.4