Package | sqlparse |
---|---|
Version | 0.2.2-1+deb9u1 (stretch) |
Related CVEs | CVE-2023-30608 |

Erik Krogh Kristensen discovered that sqlparse, a non-validating SQL parser, contained a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
For Debian 9 stretch, this problem has been fixed in version 0.2.2-1+deb9u1.
We recommend that you upgrade your sqlparse packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.