
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Jul 2023 — A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. A denial-of-service vulnerability related to regular expressions was discovered in Pygments, specifically in the file pygments/lexers/smithy.py. An attacker could exploit this flaw by sending a carefully crafted request, leading to a denial-of-service situation. An update is now available for Red Hat Satellite 6.15. The release contains a new version of Satellite and important security fixes for various com... • https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 1

17 Mar 2021 — In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. In pygments version 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have a... • https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 9.3 • EPSS: 1% • CPEs: 14 • EXPL: 0

07 Jan 2016 — The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through version 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vul... • http://packetstormsecurity.com/files/133823/Pygments-FontManager._get_nix_font_path-Shell-Injection.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •