Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-40896

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

Published

2023-07-19T15:15:10.007

Last Modified

2024-11-21T07:22:13.610

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pygments	pygments	≤ 2.15.0	Yes

References

https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61 Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/ ([email protected])
https://pypi.org/project/Pygments/ Product ([email protected])
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/ Exploit, Patch, Third Party Advisory ([email protected])
https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/ (af854a3a-2127-422b-91ae-364da2661108)
https://pypi.org/project/Pygments/ Product (af854a3a-2127-422b-91ae-364da2661108)
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/ Exploit, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)