Описание
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | needed | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needed | |
| esm-apps/noble | needed | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needs-triage |
| groovy | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.2.0+dfsg-1ubuntu0.2 |
| devel | released | 2.7.1+dfsg-2ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 1.6+dfsg-1ubuntu1.1+esm1 |
| esm-infra/bionic | not-affected | 2.2.0+dfsg-1ubuntu0.2 |
| esm-infra/focal | not-affected | 2.3.1+dfsg-1ubuntu2.2 |
| esm-infra/xenial | not-affected | 2.1+dfsg-1ubuntu0.2 |
| focal | released | 2.3.1+dfsg-1ubuntu2.2 |
| groovy | released | 2.3.1+dfsg-4ubuntu0.2 |
| hirsute | released | 2.7.1+dfsg-2ubuntu1 |
| impish | released | 2.7.1+dfsg-2ubuntu1 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming ...
EPSS
5 Medium
CVSS2
7.5 High
CVSS3