Denial of Service in Pygments Affects Standard ML Syntax Highlighting
CVE-2021-20270

7.5HIGH

Key Information:

Vendor

Pygments

Status
Python-pygments
Vendor
CVE Published:
23 March 2021

What is CVE-2021-20270?

An infinite loop has been discovered in the SMLLexer component of Pygments, affecting versions from 1.5 to 2.7.3. This vulnerability can lead to a denial of service when processing Standard ML (SML) source files that contain only the 'exception' keyword. Attackers can exploit this flaw by crafting specific input, causing the lexer to loop indefinitely. Users are strongly advised to upgrade to a patched version of Pygments to mitigate potential service disruptions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

python-pygments python-pygments 2.7.4

References

https://bugzilla.redhat.com/show_bug.cgi?id=1922136
x_refsource_MISC
https://www.debian.org/security/2021/dsa-4889
vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2021/05/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.