The formatter function that strips comments from a SQL contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Reference: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
Created python-sqlparse tracking bugs for this issue: Affects: fedora-all [bug 2005074]
Upstream commit: https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb
Created python-sqlparse tracking bugs for this issue: Affects: openstack-rdo [bug 2005178]
This issue has been addressed in the following products: Red Hat Satellite 6.11 for RHEL 7 Red Hat Satellite 6.11 for RHEL 8 Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498