10 matches found
Cross-site Scripting (XSS)
Overview: bugsink is a Self-hosted Error Tracking. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the pygmentizelines function. An attacker who can submit events to a Bugsink project and convince a user to interact in the web UI with a stacktrace containing a...
Remote Code Execution (RCE)
3f/pygmentize is vulnerable to Remote Code Execution. The vulnerability is due to improper shell argument sanitization when passing user input to the PIGMENTS binary, which allows an attacker to cause Remote Code Execution...
pygmentize Remote Code Execution
pygmentize is prone to remote code execution due to unsafe sanitization of user input when passed to the highlight function...
GHSA-77MV-MP2J-GXXH pygmentize Remote Code Execution
pygmentize is prone to remote code execution due to unsafe sanitization of user input when passed to the highlight function...
pygmentize Remote Code Execution
pygmentize is prone to remote code execution due to unsafe sanitization of user input when passed to the highlight function...
PT-2024-40152 · Pypi · Pygmentize
Name of the Vulnerable Software and Affected Versions: pygmentize (affected versions not specified). Description: The issue is related to remote code execution due to unsafe sanitization of user input when passed to the highlight function. Recommendations: At the moment, there is no information abou...
Remote Code Execution
$highlight = Pygmentize::highlight('<?php phpinfo();', ';uname -a '); print_r($highlight); This will produce the following output: Darwin Micheals-MBP 16.1.0 Darwin Kernel Version 16.1.0: Thu Oct 13 21:26:57 PDT 2016; root:xnu-3789.21.3~60/RELEASE_X86_64 x86_64 The problem lines appear to be here:...
Code Injection
pygmentize contains a Remote Code Execution vulnerability...
Code Injection
pygmentize contains a Remote Code Execution vulnerability...
Remote Code Execution
There's a Remote Code Execution vulnerability in the highlight function of Pygmentize...