[PYSEC-2021-140] pygments vulnerability
- Severity: High
- Affected Packages: 26
- Fixed Packages: 1
- CVEs: 1
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
Package | Affected Version |
---|---|
pkg:pypi/pygments | >= 1.5, < 2.7.4 |
pkg:pypi/pygments | = 1.5 |
pkg:pypi/pygments | = 1.6 |
pkg:pypi/pygments | = 1.6rc1 |
pkg:pypi/pygments | = 2.0 |
pkg:pypi/pygments | = 2.0.1 |
pkg:pypi/pygments | = 2.0.2 |
pkg:pypi/pygments | = 2.0rc1 |
pkg:pypi/pygments | = 2.1 |
pkg:pypi/pygments | = 2.1.1 |
pkg:pypi/pygments | = 2.1.2 |
pkg:pypi/pygments | = 2.1.3 |
pkg:pypi/pygments | = 2.2.0 |
pkg:pypi/pygments | = 2.3.0 |
pkg:pypi/pygments | = 2.3.1 |
pkg:pypi/pygments | = 2.4.0 |
pkg:pypi/pygments | = 2.4.1 |
pkg:pypi/pygments | = 2.4.2 |
pkg:pypi/pygments | = 2.5.1 |
pkg:pypi/pygments | = 2.5.2 |
pkg:pypi/pygments | = 2.6.0 |
pkg:pypi/pygments | = 2.6.1 |
pkg:pypi/pygments | = 2.7.0 |
pkg:pypi/pygments | = 2.7.1 |
pkg:pypi/pygments | = 2.7.2 |
pkg:pypi/pygments | = 2.7.3 |
Package | Fixed Version |
---|---|
pkg:pypi/pygments | = 2.7.4 |
- ID: PYSEC-2021-140
- Severity: high
- Severity from: CVE-2021-20270
- URL: https://github.com/advisories/GHSA-9w8r-397f-prfh
- Published: 2021-03-23T17:15:00 (3 years ago)
- Modified: 2021-08-27T03:22:17 (3 years ago)
- Other Advisories:
  - ALPINE:CVE-2021-20270
  - ALSA-2021:4150
  - ALSA-2021:4151
  - DSA-4870-1
  - DSA-4889-1
  - ELSA-2021-4150
  - ELSA-2021-4151
  - ELSA-2021-9553
  - FREEBSD:CDC685B5-1724-49A1-AD57-2EAAB68E9CC0
  - MS:CVE-2021-20270
  - openSUSE-SU-2021:1402-1
  - RHSA-2021:4139
  - RHSA-2021:4150
  - RHSA-2021:4151
  - RLSA-2021:4150
  - RLSA-2021:4151
  - SUSE-SU-2021:1500-1
  - SUSE-SU-2021:3473-1
  - USN-4885-1
  - USN-4897-2
Source | ID | Name | URL |
---|---|---|---|
REPORT | | | https://bugzilla.redhat.com/show_bug.cgi?id=1922136 |
ADVISORY | | | https://www.debian.org/security/2021/dsa-4889 |
WEB | | | https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html |
WEB | | | https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html |
ADVISORY | GHSA-9w8r-397f-prfh | | https://github.com/advisories/GHSA-9w8r-397f-prfh |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:pypi/pygments | | pygments | = 2.7.4 | | | |
Affected | pkg:pypi/pygments | | pygments | >= 1.5 < 2.7.4 | | | |
Affected | pkg:pypi/pygments | | pygments | = 1.5 | | | |
Affected | pkg:pypi/pygments | | pygments | = 1.6 | | | |
Affected | pkg:pypi/pygments | | pygments | = 1.6rc1 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.0 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.0.1 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.0.2 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.0rc1 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.1 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.1.1 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.1.2 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.1.3 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.2.0 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.3.0 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.3.1 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.4.0 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.4.1 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.4.2 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.5.1 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.5.2 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.6.0 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.6.1 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.7.0 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.7.1 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.7.2 | | | |
Affected | pkg:pypi/pygments | | pygments | = 2.7.3 | | | |