Описание
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
Отчет
In OpenShift Container Platform 3.11, the vulnerable version of python-pygments is embedded in the google-cloud-sdk package, which is shipped in the openshift-ansible container (aos3-installation-container). As the access to the openshift-ansible container is restricted only to cluster administrators, this component is affected but with a Low impact. The google-cloud-sdk package was shipped in OpenShift Container Platform 4.1, which is End of Life.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | python-pygments | Not affected | ||
| Red Hat Enterprise Linux 7 | python-pygments | Not affected | ||
| Red Hat Enterprise Linux 7 | resource-agents | Out of support scope | ||
| Red Hat Enterprise Linux 9 | python-pygments | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | google-cloud-sdk | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | google-cloud-sdk | Out of support scope | ||
| Red Hat OpenStack Platform 10 (Newton) | python-pygments | Out of support scope | ||
| Red Hat Automation Hub 4.2 for RHEL 7 | automation-hub | Fixed | RHSA-2021:0781 | 09.03.2021 |
| Red Hat Automation Hub 4.2 for RHEL 7 | python3-django | Fixed | RHSA-2021:0781 | 09.03.2021 |
| Red Hat Automation Hub 4.2 for RHEL 7 | python-bleach | Fixed | RHSA-2021:0781 | 09.03.2021 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lea ...
7.5 High
CVSS3