5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
10.5%
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments
through 2.15.0 via SmithyLexer.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | pygments | < any | UNKNOWN |
ubuntu | 20.04 | noarch | pygments | < any | UNKNOWN |
ubuntu | 22.04 | noarch | pygments | < any | UNKNOWN |
ubuntu | 23.10 | noarch | pygments | < any | UNKNOWN |
ubuntu | 24.04 | noarch | pygments | < any | UNKNOWN |
ubuntu | 14.04 | noarch | pygments | < any | UNKNOWN |
ubuntu | 16.04 | noarch | pygments | < any | UNKNOWN |
github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61
github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194 (2.15.0)
github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04 (2.14.0)
github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52 (2.15.1)
github.com/pygments/pygments/issues/2355
github.com/pygments/pygments/issues/2356
launchpad.net/bugs/cve/CVE-2022-40896
nvd.nist.gov/vuln/detail/CVE-2022-40896
pypi.org/project/Pygments/
pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/
security-tracker.debian.org/tracker/CVE-2022-40896
www.cve.org/CVERecord?id=CVE-2022-40896