Lucene search
K

393 matches found

RedhatCVE
RedhatCVE
added 2023/11/27 11:58 a.m.26 views

CVE-2022-40896

A denial-of-service vulnerability related to regular expressions was discovered in Pygments, specifically in the file pygments/lexers/smithy.py. An attacker could exploit this flaw by sending a carefully crafted request, leading to a denial-of-service situation. Mitigation Mitigation for this iss...

5.5CVSS5.4AI score0.00503EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.39 views

Rocky Linux 8 : python27:2.7 (RLSA-2021:4151)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4151 advisory. - In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 - This affect...

9.8CVSS7.8AI score0.35963EPSS
Exploits5References16
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.27 views

Rocky Linux 8 : python36:3.6 (RLSA-2021:4150)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4150 advisory. - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML...

7.5CVSS7.5AI score0.03832EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.26 views

Rocky Linux 8 : resource-agents (RLSA-2021:4139)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4139 advisory. - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML...

7.5CVSS7.5AI score0.03832EPSS
Exploits1References20
OpenVAS
OpenVAS
added 2023/10/31 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2023-3042)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.9AI score0.00503EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/10/31 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2023-3019)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.9AI score0.00503EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/08/31 12:0 a.m.20 views

FreeBSD : py-pygments -- multiple DoS vulnerabilities (cdc685b5-1724-49a1-ad57-2eaab68e9cc0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cdc685b5-1724-49a1-ad57-2eaab68e9cc0 advisory. - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service...

7.5CVSS7.5AI score0.03832EPSS
Exploits1References7
OSV
OSV
added 2023/08/14 10:38 a.m.2 views

USN-4897-2 pygments vulnerabilities

USN-4897-1 fixed several vulnerabilities in Pygments. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially...

7.5CVSS6.9AI score0.03832EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2023/08/14 10:38 a.m.65 views

USN-4897-2: Pygments vulnerabilities

USN-4897-1 fixed several vulnerabilities in Pygments. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially...

7.5CVSS7.6AI score0.03832EPSS
Exploits1
OpenVAS
OpenVAS
added 2023/08/14 12:0 a.m.26 views

Ubuntu: Security Advisory (USN-4897-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.03832EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/08/14 12:0 a.m.36 views

Amazon Linux 2 : python-pygments (ALAS-2023-2198)

The version of python-pygments installed on the remote host is prior to 1.4-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2198 advisory. In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some o...

7.5CVSS7.4AI score0.03832EPSS
Exploits1References4
Amazon
Amazon
added 2023/08/07 12:0 a.m.32 views

Medium: python-pygments

Issue Overview: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a...

7.5CVSS7.6AI score0.03832EPSS
Exploits1
OSV
OSV
added 2023/08/06 11:5 a.m.2 views

OESA-2023-1477 python-pygments security update

Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Security Fixes: A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.CVE-2022-40896...

5.5CVSS7.3AI score0.00503EPSS
Exploits1References2
OSV
OSV
added 2023/08/06 11:5 a.m.4 views

OESA-2023-1478 python-pygments security update

Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Security Fixes: A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.CVE-2022-40896...

5.5CVSS7.3AI score0.00503EPSS
Exploits1References2
OSV
OSV
added 2023/08/06 11:5 a.m.4 views

OESA-2023-1479 python-pygments security update

Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Security Fixes: A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.CVE-2022-40896...

5.5CVSS7.3AI score0.00503EPSS
Exploits1References2
Veracode
Veracode
added 2023/07/21 3:32 p.m.23 views

Regular Expression Denial Of Service (ReDoS)

pygments is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists in smithy.p due to the usage of regular expression with inefficient complexity used in the SqlJinjaLexer class which can cause catastrophic backtracking...

5.5CVSS6.8AI score0.00503EPSS
Exploits1References10Affected Software1
SUSE CVE
SUSE CVE
added 2023/07/21 2:25 a.m.3 views

SUSE CVE-2022-40896

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...

5.5CVSS8.4AI score0.00503EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/07/20 12:0 a.m.35 views

Amazon Linux 2 : python3-pygments (ALAS-2023-2117)

The version of python3-pygments installed on the remote host is prior to 2.2.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2117 advisory. In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some...

7.5CVSS7.4AI score0.03832EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/07/19 3:30 p.m.49 views

Pygments vulnerable to ReDoS

A ReDoS issue was discovered in pygments/lexers/smithy.py in Pygments until 2.15.0 via SmithyLexer...

5.5CVSS6.5AI score0.00503EPSS
Exploits1References11Affected Software1
vulnersOsv
vulnersOsv
added 2023/07/19 3:30 p.m.4 views

a2grunnerp (>=0.1.0 <=0.1.8), abuseipdb-wrapper (=0.1.7) +389 more potentially affected by CVE-2022-40896 via pygments (>=1.6.0 <=2.14.0)

pygments PYPI version =1.6.0, =0.1.0, =2.0.0.1, =0.0.1, =1.3.0, =0.3.2, =0.4.0, =1.0.0, =0.4.0, =4.2.0, =4.2.3 and more Source cves: CVE-2022-40896 Source advisory: OSV:GHSA-MRWQ-X4V8-FH7P...

5.5CVSS6.2AI score0.00503EPSS
Exploits1
Rows per page
Query Builder