380 matches found
UBUNTU-CVE-2022-40896
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...
PYSEC-2023-117
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...
PT-2023-8449
Name of the Vulnerable Software and Affected Versions: Pygments versions prior to 2.15.0. Description: A ReDoS issue was discovered in pygments/lexers/smithy.py via SmithyLexer. The issue is related to the use of a regular expression with inefficient computational complexity. Exploitation of the iss...
CVE-2022-40896
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...
CVE-2022-40896
CVE-2022-40896 : A ReDoS in Pygments’ SmithyLexer (pygments/lexers/smithy.py) affects pygments up to version 2.15.0. Exploitation could cause a denial of service via crafted Smithy inputs. Connected sources confirm the issue and attribution but do not specify a fixed patch/version. Remediation: u...
CVE-2022-40896
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...
Medium: python3-pygments
Issue Overview: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a...
CVE-2022-40896
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...
Matthäus G. Chajdas pygments code issue vulnerability
pygments is an open source application by Matthäus G. Chajdas. It provides generic syntax highlighting functionality. A security vulnerability exists in pygments 2.15.0 and earlier versions, which stems from a regular expression denial of service (ReDoS) vulnerability in...
Debian: Security Advisory (DLA-369-1)
The remote host is missing an update for the Debian...
SUSE CVE-2021-20270
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword...
SUSE CVE-2021-27291
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...
CVE-2022-40896 affecting package python-pygments for versions less than 2.4.2-1
CVE-2022-40896 affecting package python-pygments for versions less than 2.4.2-1. A patched version of the package is available...
[SECURITY] Fedora 36 Update: golang-github-alecthomas-chroma-0.10.0-4.fc36
Chroma takes source code and other structured text and converts it into syntax highlighted HTML, ANSI-coloured text, etc. Chroma is based heavily on Pygments, and includes translators for Pygments lexers and styles...
[SECURITY] Fedora 35 Update: golang-github-alecthomas-chroma-0.10.0-3.fc35
Chroma takes source code and other structured text and converts it into syntax highlighted HTML, ANSI-coloured text, etc. Chroma is based heavily on Pygments, and includes translators for Pygments lexers and styles...
[SECURITY] Fedora 36 Update: golang-github-alecthomas-chroma-0.10.0-3.fc36
Chroma takes source code and other structured text and converts it into syntax highlighted HTML, ANSI-coloured text, etc. Chroma is based heavily on Pygments, and includes translators for Pygments lexers and styles...
Command Injection in Pygments
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
catsup (>=0.3.8 <=0.3.11), coil (=1.2.1) +9 more potentially affected by CVE-2015-8557 via pygments (>=1.6.0 <=2.0.2)
pygments PYPI version =1.6.0, =0.3.8, =0.0.1, =1.9.5, =3.0.0, =2.3.1, =3.2.0, =1.0.0, =1.0.0, =3.0.1 Source cves: CVE-2015-8557 Source advisory: OSV:GHSA-FFF8-4W9P-7V76...
GHSA-FFF8-4W9P-7V76 Command Injection in Pygments
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
CVE-2021-27291 affecting package python-pygments for versions less than 2.4.2-7
CVE-2021-27291 affecting package python-pygments for versions less than 2.4.2-7. A patched version of the package is available...