
CVE-2021-27291

Published: 17 March 2021

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: eric (Launchpad, Ubuntu, Debian)

Release   Status
bionic    Needs triage
focal     Needs triage
groovy    Ignored (reached end-of-life)
hirsute   Ignored (reached end-of-life)
impish    Needed
jammy     Needed
precise   Does not exist
trusty    Does not exist
upstream  Needs triage
xenial    Ignored (end of standard support, was needs-triage)

Package: pygments (Launchpad, Ubuntu, Debian)

Release   Status
bionic    Released (2.2.0+dfsg-1ubuntu0.2)
focal     Released (2.3.1+dfsg-1ubuntu2.2)
groovy    Released (2.3.1+dfsg-4ubuntu0.2)
hirsute   Released (2.7.1+dfsg-2ubuntu1)
impish    Released (2.7.1+dfsg-2ubuntu1)
jammy     Released (2.7.1+dfsg-2ubuntu1)
precise   Ignored (end of ESM support, was needed)
trusty    Needed
upstream  Released (2.7.4)
xenial    Released (2.1+dfsg-1ubuntu0.2)