CVE-2021-27291
Published: Mar 17, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce | x_refsource_MISC |
| [debian-lts-announce] 20210319 [SECURITY] [DLA 2600-1] pygments security update | mailing-list, x_refsource_MLIST |
| DSA-4878 | vendor-advisory, x_refsource_DEBIAN |
| DSA-4889 | vendor-advisory, x_refsource_DEBIAN |
| [debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update | mailing-list, x_refsource_MLIST |
| FEDORA-2021-166dfc62b2 | vendor-advisory, x_refsource_FEDORA |
| FEDORA-2021-3f975f68c8 | vendor-advisory, x_refsource_FEDORA |
| [debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update | mailing-list, x_refsource_MLIST |