Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability stemmed from the pre-2.8.2 implementation of `get_file_transfer_type` in `cursor.py`, which used regex patterns vulnerable to ReDoS (regular-expression denial of service). The commit diff shows these regexes were replaced with a safer approach in `_sql_util.py` that incrementally strips comments. The structure of the original patterns (e.g., the greedy `.*` inside `/\*.*\*/`) creates exponential backtracking when the input contains many nested or unclosed comments, as confirmed by the added regression tests, which simulate 10,000 comment blocks.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| snowflake-connector-python | pip | < 2.8.2 | 2.8.2 |
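To make the difference between the two approaches concrete, the following is an added Python example; it is not the connector's code and `REGEX_TYPE` is a simplified stand-in, not the actual pre-2.8.2 pattern. It contrasts a nested-quantifier regex over comment bodies with a linear scanner in the spirit of the incremental stripping the fix introduced, and wraps it in a regression-style check modelled on the 10,000-block test. The helper names (`file_transfer_type`, `strip_leading_comments`, `regression_check`) and the sample inputs are assumptions constructed for this example.

```python
import re
import time

# Illustrative regex in the style the advisory describes: a leading run of block
# comments matched by a nested quantifier around a greedy `.*`.
# ASSUMPTION: simplified stand-in, not the connector's real pre-2.8.2 pattern.
REGEX_TYPE = re.compile(r"^(\s*/\*.*\*/)*\s*(PUT|GET)\b", re.IGNORECASE | re.DOTALL)


def file_transfer_type_regex(sql: str):
    """Backtracking version: when leading comments are followed by a statement that
    is not PUT/GET, the engine retries every way of splitting the comment run into
    iterations of the outer group, which is exponential in the number of blocks."""
    m = REGEX_TYPE.match(sql)
    return m.group(2).upper() if m else None


def strip_leading_comments(sql: str) -> str:
    """Linear-time scanner: consume whitespace, /* */ blocks and -- line comments one
    at a time with str.find, never revisiting text already passed."""
    i, n = 0, len(sql)
    while i < n:
        if sql[i].isspace():
            i += 1
        elif sql.startswith("/*", i):
            end = sql.find("*/", i + 2)
            if end == -1:
                return ""  # unclosed block comment swallows the rest (design choice here)
            i = end + 2
        elif sql.startswith("--", i):
            end = sql.find("\n", i + 2)
            if end == -1:
                return ""  # line comment with no newline: nothing follows it
            i = end + 1
        else:
            break
    return sql[i:]


def file_transfer_type(sql: str):
    """Hypothetical counterpart of get_file_transfer_type built on the scanner:
    returns 'PUT', 'GET' or None from the first keyword after leading comments."""
    head = strip_leading_comments(sql)
    m = re.match(r"(PUT|GET)\b", head, re.IGNORECASE)
    return m.group(1).upper() if m else None


def adversarial_input(blocks: int) -> str:
    """Constructed input: many closed comment blocks followed by a statement that is
    neither PUT nor GET, the worst case for the backtracking regex."""
    return "/*a*/" * blocks + "SELECT 1"


def regression_check(blocks: int = 10000):
    """Regression-style check mirroring the page's 10,000-block test: the scanner
    must classify the adversarial input correctly and quickly.
    Returns (correct, elapsed_seconds)."""
    sql = adversarial_input(blocks)
    start = time.perf_counter()
    result = file_transfer_type(sql)
    elapsed = time.perf_counter() - start
    correct = result is None and strip_leading_comments(sql) == "SELECT 1"
    return correct, elapsed


def agree_on(sql: str) -> bool:
    """Both implementations must classify block-comment-prefixed input the same way;
    only call with small inputs, since the regex side is the slow one."""
    return file_transfer_type_regex(sql) == file_transfer_type(sql)


if __name__ == "__main__":
    # Regex time roughly doubles per added block; the scanner stays flat.
    for blocks in (10, 12, 14, 16):
        sql = adversarial_input(blocks)
        t0 = time.perf_counter(); file_transfer_type_regex(sql); t_re = time.perf_counter() - t0
        t0 = time.perf_counter(); file_transfer_type(sql); t_lin = time.perf_counter() - t0
        print(f"{blocks:>3} blocks: regex {t_re:.4f}s  scanner {t_lin:.6f}s")
    ok, secs = regression_check(10000)
    print(f"10000 blocks via scanner: correct={ok} in {secs:.4f}s")
```

The regression check is the part worth keeping in a test suite: it does not time the regex at all (that would make the suite itself slow to fail), it asserts that the linear path handles the 10,000-block input correctly in bounded time, so a future change that reintroduces a backtracking pattern on this path shows up as a timeout rather than a production hang.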