CVE-2021-27291 log

Source
Severity Low
Remote Yes
Type Denial of service
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to regular expression denial of service (ReDoS). By crafting malicious input, an attacker can cause a denial of service.
Group Package Affected Fixed Severity Status Ticket
AVG-1663 python2-pygments 2.5.2-2 Low Vulnerable
AVG-1775 mediawiki 1.35.1-2 1.35.2-1 Medium Fixed
AVG-1662 python-pygments 2.7.3-1 2.7.4-1 Low Fixed
References
https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce
https://github.com/pygments/pygments/pull/1675
https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14