393 matches found
CVE-2022-40896
A denial-of-service vulnerability related to regular expressions was discovered in Pygments, specifically in the file pygments/lexers/smithy.py. An attacker could exploit this flaw by sending a carefully crafted request, leading to a denial-of-service situation. Mitigation Mitigation for this iss...
Rocky Linux 8 : python27:2.7 (RLSA-2021:4151)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4151 advisory. - In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 - This affect...
Rocky Linux 8 : python36:3.6 (RLSA-2021:4150)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4150 advisory. - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML...
Rocky Linux 8 : resource-agents (RLSA-2021:4139)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4139 advisory. - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML...
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2023-3042)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2023-3019)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : py-pygments -- multiple DoS vulnerabilities (cdc685b5-1724-49a1-ad57-2eaab68e9cc0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cdc685b5-1724-49a1-ad57-2eaab68e9cc0 advisory. - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service...
USN-4897-2 pygments vulnerabilities
USN-4897-1 fixed several vulnerabilities in Pygments. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially...
USN-4897-2: Pygments vulnerabilities
USN-4897-1 fixed several vulnerabilities in Pygments. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially...
Ubuntu: Security Advisory (USN-4897-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : python-pygments (ALAS-2023-2198)
The version of python-pygments installed on the remote host is prior to 1.4-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2198 advisory. In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some o...
Medium: python-pygments
Issue Overview: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a...
OESA-2023-1477 python-pygments security update
Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Security Fixes: A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.CVE-2022-40896...
OESA-2023-1478 python-pygments security update
Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Security Fixes: A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.CVE-2022-40896...
OESA-2023-1479 python-pygments security update
Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Security Fixes: A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.CVE-2022-40896...
Regular Expression Denial Of Service (ReDoS)
pygments is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists in smithy.p due to the usage of regular expression with inefficient complexity used in the SqlJinjaLexer class which can cause catastrophic backtracking...
SUSE CVE-2022-40896
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...
Amazon Linux 2 : python3-pygments (ALAS-2023-2117)
The version of python3-pygments installed on the remote host is prior to 2.2.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2117 advisory. In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some...
Pygments vulnerable to ReDoS
A ReDoS issue was discovered in pygments/lexers/smithy.py in Pygments until 2.15.0 via SmithyLexer...
a2grunnerp (>=0.1.0 <=0.1.8), abuseipdb-wrapper (=0.1.7) +389 more potentially affected by CVE-2022-40896 via pygments (>=1.6.0 <=2.14.0)
pygments PYPI version =1.6.0, =0.1.0, =2.0.0.1, =0.0.1, =1.3.0, =0.3.2, =0.4.0, =1.0.0, =0.4.0, =4.2.0, =4.2.3 and more Source cves: CVE-2022-40896 Source advisory: OSV:GHSA-MRWQ-X4V8-FH7P...