[PYSEC-2021-140] pygments vulnerability

Severity: High
Affected Packages: 26
Fixed Packages: 1
CVEs: 1

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

| Package | Fixed Version |
|---|---|
| pkg:pypi/pygments | = 2.7.4 |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Fixed | pkg:pypi/pygments | | pygments | = 2.7.4 | | | |
| Affected | pkg:pypi/pygments | | pygments | >= 1.5 < 2.7.4 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 1.5 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 1.6 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 1.6rc1 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.0 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.0.1 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.0.2 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.0rc1 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.1 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.1.1 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.1.2 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.1.3 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.2.0 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.3.0 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.3.1 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.4.0 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.4.1 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.4.2 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.5.1 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.5.2 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.6.0 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.6.1 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.7.0 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.7.1 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.7.2 | | | |
| Affected | pkg:pypi/pygments | | pygments | = 2.7.3 | | | |