1. Home
  2. Security Advisories
  3. Amazon Linux
  4. ALAS2-2023-2117

[ALAS2-2023-2117] Amazon Linux 2 2017.12 - ALAS2-2023-2117: medium priority package update for python3-pygments

Severity Medium
Affected Packages 2
CVEs 1
Info Packages References Vulnerabilities

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2021-27291:
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

Package Affected Version
pkg:rpm/amazonlinux/python3-pygments?arch=noarch&distro=amazonlinux-2 < 2.2.0-3.amzn2.0.3
pkg:rpm/amazonlinux/python3-pygments-doc?arch=noarch&distro=amazonlinux-2 < 2.2.0-3.amzn2.0.3
ID
ALAS2-2023-2117
Severity
medium
URL
https://alas.aws.amazon.com/AL2/ALAS-2023-2117.html
Published
2023-07-05T22:01:00
(14 months ago)
Modified
2023-07-19T22:27:00
(14 months ago)
Rights
Amazon Linux Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/amazonlinux/python3-pygments?arch=noarch&distro=amazonlinux-2 amazonlinux python3-pygments < 2.2.0-3.amzn2.0.3 amazonlinux-2 noarch
Affected pkg:rpm/amazonlinux/python3-pygments-doc?arch=noarch&distro=amazonlinux-2 amazonlinux python3-pygments-doc < 2.2.0-3.amzn2.0.3 amazonlinux-2 noarch
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date