CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Microsoft CVE•added 2021/03/24 7:0 a.m.•1 views

In pygments 1.1+ fixed in 2.7.4 the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input an attacker can cause a denial of service.

...

7.5CVSS7AI score0.034EPSS

Exploits1

OSV•added 2021/03/23 5:15 p.m.•1 views

ALPINE-CVE-2021-20270

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML source file, as demonstrated by input that only contains the "exception" keyword...

7.5CVSS6.7AI score0.00223EPSS

OSV•added 2021/03/23 5:15 p.m.•0 views

AZL-6811 CVE-2021-20270 affecting package python-pygments for versions less than 2.4.2-7

NVD•added 2021/03/23 5:15 p.m.•19 views

CVE-2021-20270

7.5CVSS0.00223EPSS

OSV•added 2021/03/23 5:15 p.m.•30 views

CVE-2021-20270

7.5CVSS6.4AI score

OSV•added 2021/03/23 5:15 p.m.•1 views

AZL-35137 CVE-2021-20270 affecting package python-pygments for versions less than 2.7.4-1

OSV•added 2021/03/23 5:15 p.m.•1 views

DEBIAN-CVE-2021-20270

7.5CVSS7.4AI score0.00223EPSS

PyPA•added 2021/03/23 5:15 p.m.•4 views

PYSEC-2021-140

7.5CVSS6.7AI score0.00223EPSS

Exploits0References5Affected Software1

Prion•added 2021/03/23 5:15 p.m.•29 views

Input validation

5CVSS7.1AI score0.00223EPSS

Exploits0References5Affected Software6

OSV•added 2021/03/23 5:15 p.m.•0 views

PYSEC-2021-140

Cvelist•added 2021/03/23 4:40 p.m.•28 views

CVE-2021-20270

7.6AI score0.00223EPSS

CVE•added 2021/03/23 4:40 p.m.•330 views

CVE-2021-20270

CVE-2021-20270 describes an infinite loop in Pygments’ SMLLexer, affecting Pygments 1.5–2.7.3, which can cause DoS during syntax highlighting of StandardML sources (e.g., input containing only the keyword “exception”). Connected advisories confirm affected distributions (e.g., Debian, AlmaLinux, ...

7.5CVSS7.3AI score0.00223EPSS

Exploits0References5Affected Software1

Debian CVE•added 2021/03/23 4:40 p.m.•43 views

CVE-2021-20270

7.5CVSS8.1AI score0.00223EPSS

Exploits0

AlpineLinux•added 2021/03/23 4:40 p.m.•57 views

CVE-2021-20270

7.5CVSS7.6AI score0.00223EPSS

Exploits0

Tenable Nessus•added 2021/03/23 12:0 a.m.•46 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Pygments vulnerability (USN-4885-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4885-1 advisory. It was discovered that Pygments incorrectly handled parsing SML files. If a user or automated system were tricked into parsing a specially...

7.5CVSS7.5AI score0.00223EPSS

Exploits0References2

OpenVAS•added 2021/03/23 12:0 a.m.•23 views

Ubuntu: Security Advisory (USN-4885-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.00223EPSS

Exploits0References2

OSV•added 2021/03/22 1:26 p.m.•0 views

USN-4885-1 pygments vulnerability

It was discovered that Pygments incorrectly handled parsing SML files. If a user or automated system were tricked into parsing a specially crafted SML file, a remote attacker could cause Pygments to hang, resulting in a denial of service...