sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.
Find out more about CVE-2023-30608 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Linux | ||||
| Wind River Linux LTS 17 | Requires LTSS | -- | -- | -- |
| Wind River Linux 8 | Requires LTSS | -- | -- | -- |
| Wind River Linux 9 | Requires LTSS | -- | -- | -- |
| Wind River Linux 7 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 21 | Fixed |
LIN1021-5660 |
10.21.20.18 | -- |
| Wind River Linux LTS 22 | Fixed |
LIN1022-4041 |
10.22.33.10(hot fix) | -- |
| Wind River Linux LTS 18 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 19 | Fixed |
LIN1019-9732 |
10.19.45.28 | -- |
| Wind River Linux CD release | Fixed | -- | LINCD-next | -- |
| Wind River Linux 6 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 23 | Fixed |
LIN1023-39 |
10.23.30.1 | -- |
| VxWorks | ||||
| VxWorks 7 | Not Vulnerable | -- | -- | -- |
| VxWorks 6.9 | Not Vulnerable | -- | -- | -- |
| Helix Virtualization Platform Cert Edition | ||||
| Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
| Product Name | Status | Defect | Fixed | Downloads |
|---|
