Lucene search
HistoryMar 23, 2021 - 5:15 p.m.
CVE-2021-20270
cve-2021-20270 pygments smllexer denial of service
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.003
Percentile
68.6%
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the “exception” keyword.
Affected configurations
Node
pygmentspygmentsRange1.5–2.7.3
Node
redhatopenshift_container_platformMatch3.11
ORredhatopenshift_container_platformMatch4.0
ORredhatopenstack_platformMatch10.0
ORredhatsoftware_collectionsMatch-
ORredhatenterprise_linuxMatch7.0
ORredhatenterprise_linuxMatch8.0
Node
fedoraprojectfedoraMatch33
Node
debiandebian_linuxMatch9.0
ORdebiandebian_linuxMatch10.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pygments | pygments | * | cpe:2.3:a:pygments:pygments:*:*:*:*:*:*:*:* |
| redhat | openshift_container_platform | 3.11 | cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:* |
| redhat | openshift_container_platform | 4.0 | cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* |
| redhat | openstack_platform | 10.0 | cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:* |
| redhat | software_collections | - | cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 7.0 | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| fedoraproject | fedora | 33 | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
| debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
| debian | debian_linux | 10.0 | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
Related
nessus
nessus
Debian DLA-2590-1 : pygments security update
2021-03-15 00:00:00
Debian DSA-4870-1 : pygments - security update
2021-03-15 00:00:00
CBL Mariner 2.0 Security Update: python-pygments (CVE-2021-20270)
2024-08-30 00:00:00
redos
redos
ROS-20240723-02
2024-07-23 00:00:00
osv
osv
CVE-2021-20270
2021-03-23 17:15:13
pygments - security update
2021-03-12 00:00:00
pygments - security update
2021-03-12 00:00:00
redhatcve
redhatcve
CVE-2021-20270
2021-03-05 10:35:25
openvas
openvas
Debian: Security Advisory (DLA-2590-1)
2021-03-13 00:00:00
Debian: Security Advisory (DSA-4870-1)
2021-03-14 00:00:00
Ubuntu: Security Advisory (USN-4885-1)
2021-03-23 00:00:00
debian
debian
[SECURITY] [DSA 4870-1] pygments security update
2021-03-12 21:43:51
[SECURITY] [DLA 2590-1] pygments security update
2021-03-12 10:08:47
[SECURITY] [DLA 2648-2] mediawiki regression update
2021-05-06 19:48:46
suse
suse
Security update for python-Pygments (important)
2021-10-31 00:00:00
cvelist
cvelist
CVE-2021-20270
2021-03-23 16:40:22
alpinelinux
alpinelinux
CVE-2021-20270
2021-03-23 17:15:13
cbl_mariner
cbl_mariner
CVE-2021-20270 affecting package python-pygments 2.4.2-6
2021-04-06 23:50:13
ubuntu
ubuntu
Pygments vulnerability
2021-03-22 00:00:00
Pygments vulnerabilities
2023-08-14 00:00:00
debiancve
debiancve
CVE-2021-20270
2021-03-23 17:15:13
veracode
veracode
Denial Of Service (DoS)
2021-02-02 01:30:48
cve
cve
CVE-2021-20270
2021-03-23 17:15:13
ubuntucve
ubuntucve
CVE-2021-20270
2021-03-09 00:00:00
prion
prion
Input validation
2021-03-23 17:15:00
github
github
Infinite Loop in Pygments
2021-04-20 16:35:47
oraclelinux
oraclelinux
python36:3.6 security and bug fix update
2021-11-16 00:00:00
resource-agents security update
2021-11-19 00:00:00
python27:2.7 security update
2021-11-16 00:00:00
rocky
rocky
python36:3.6 security and bug fix update
2021-11-09 08:24:37
resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
python27:2.7 security update
2021-11-09 08:24:39
almalinux
almalinux
Moderate: python36:3.6 security and bug fix update
2021-11-09 08:24:37
Moderate: resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
Moderate: python27:2.7 security update
2021-11-09 08:24:39
redhat
redhat
(RHSA-2021:4139) Moderate: resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
(RHSA-2021:4150) Moderate: python36:3.6 security and bug fix update
2021-11-09 08:24:37
freebsd
freebsd
py-pygments -- multiple DoS vulnerabilities
2021-03-17 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerabilities
2021-05-23 04:30:51
photon
photon
Critical Photon OS Security Update - PHSA-2021-0253
2021-06-15 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0253
2021-06-16 00:00:00
Critical Photon OS Security Update - PHSA-2021-0047
2021-06-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package mediawiki version 1.35.2-alt1
2021-04-24 00:00:00
ibm
ibm
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.003
Percentile
68.6%
Related for NVD:CVE-2021-20270