CVE-2021-20270

CVSS v3.1 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.28 % (69^th)

Affected Products 7

Advisories 21

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Weaknesses

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2021-03-23 17:15:13
(3 years ago)
Updated Date: 2021-12-10 17:04:10
(2 years ago)

Affected Products

Redhat

Configuration #1

		CPE23	From	Up To
	Pygments from 1.5 version and 2.7.3 and prior versions	cpe:2.3:a:pygments:pygments	>= 1.5	<= 2.7.3

Configuration #2

		CPE23	From	Up To
	Redhat Openshift Container Platform 3.11	cpe:2.3:a:redhat:openshift_container_platform:3.11
	Redhat Openshift Container Platform 4.0	cpe:2.3:a:redhat:openshift_container_platform:4.0
	Redhat Openstack Platform 10.0	cpe:2.3:a:redhat:openstack_platform:10.0
	Redhat Software Collections	cpe:2.3:a:redhat:software_collections:-
	Redhat Enterprise Linux 7.0	cpe:2.3:o:redhat:enterprise_linux:7.0
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0

Configuration #3

		CPE23	From	Up To
	Fedoraproject Fedora 33	cpe:2.3:o:fedoraproject:fedora:33

Configuration #4

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Weaknesses

Affected Products

Debian

Fedoraproject

Pygments

Redhat

Configuration #1

Configuration #2

Configuration #3

Configuration #4