Описание
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Ссылки
- ExploitThird Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming ...
EPSS
7.5 High
CVSS3
5 Medium
CVSS2