CVE-2021-27291 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Denial of service
Description	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to regular expression denial of service (ReDoS). By crafting malicious input, an attacker can cause a denial of service.

Group	Package	Affected	Fixed	Severity	Status
AVG-1663	python2-pygments	2.5.2-2		Low	Unknown
AVG-1775	mediawiki	1.35.1-2	1.35.2-1	Medium	Fixed
AVG-1662	python-pygments	2.7.3-1	2.7.4-1	Low	Fixed

References
https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce https://github.com/pygments/pygments/pull/1675 https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14