{"id":"PYSEC-2021-141","details":"Pygments 1.1 and later, before 2.7.4, is affected; the issue is fixed in 2.7.4. The lexers used to parse programming languages rely heavily on regular expressions. Some of these regular expressions have exponential or cubic worst-case complexity and are vulnerable to regular expression denial of service (ReDoS). By supplying crafted input to an affected lexer, an attacker can cause a denial of service.","aliases":["CVE-2021-27291","GHSA-pq64-v7f5-gqh8"],"modified":"2023-11-01T05:44:43.186640Z","published":"2021-03-17T13:15:00Z","references":[{"type":"WEB","url":"https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce"},{"type":"FIX","url":"https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4878"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4889"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-pq64-v7f5-gqh8"}],"affected":[{"package":{"name":"pygments","ecosystem":"PyPI","purl":"pkg:pypi/pygments"},"ranges":[{"type":"GIT","repo":"https://github.com/pygments/pygments","events":[{"introduced":"0"},{"fixed":"2e7e8c4a7b318f4032493773732754e418279a14"}]},{"type":"ECOSYSTEM","events":[{"introduced":"1.1"},{"fixed":"2.7.4"}]}],"versions":["1.1","1.1.1","1.2","1.2.1","1.2.2","1.3","1.3.1","1.4","1.5","1.6","1.6rc1","2.0","2.0.1","2.0.2","2.0rc1","2.1","2.1.1","2.1.2","2.1.3","2.2.0","2.3.0","2.3.1","2.4.0","2.4.1","2.4.2","2.5.1","2.5.2",
"2.6.0","2.6.1","2.7.0","2.7.1","2.7.2","2.7.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2021-141.yaml"}}],"schema_version":"1.7.3"}