py3-pygments: ReDoS via crafted malicious input (CVE-2021-27291)
ID: oval:org.secpod.oval:def:1801883 | Date: (C)2021-04-08 (M)2023-11-10 |
Class: PATCH | Family: unix |
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Platform: |
Alpine Linux 3.11 |
Alpine Linux 3.12 |
Alpine Linux 3.13 |