CVE-2024-4340

moderate-risk
Published 2024-04-30

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

Do I need to act?

!
16.0% chance of exploitation in next 30 days
EPSS score — higher than 84% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

References (7)

https://github.com/advisories/GHSA-2m57-hf25-phgg
https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b...
https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-20...
https://github.com/advisories/GHSA-2m57-hf25-phgg
https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b...
https://lists.debian.org/debian-lts-announce/2024/12/msg00022.html
https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-20...
44
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 13/34 · Low
Exposure 5/34 · Minimal