CVE-2021-27291
Summary
| CVE | CVE-2021-27291 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-03-17 13:15:00 UTC |
|---|
| Updated | 2023-11-07 03:31:00 UTC |
|---|
| Description | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] [DLA 2648-1] mediawiki security update |
MLIST |
lists.debian.org |
|
| Fix several exponential/cubic complexity regexes found by Ben Caller/… · pygments/pygments@2e7e8c4 · GitHub |
MISC |
github.com |
|
| Debian -- Security Information -- DSA-4878-1 pygments |
DEBIAN |
www.debian.org |
|
| [SECURITY] Fedora 33 Update: python-pygments-2.6.1-6.fc33 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 32 Update: python-pygments-2.4.2-9.fc32 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| cve-2021-27291 · GitHub |
MISC |
gist.github.com |
|
| [SECURITY] [DLA 2648-2] mediawiki regression update |
MLIST |
lists.debian.org |
|
| [SECURITY] Fedora 33 Update: python-pygments-2.6.1-6.fc33 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 32 Update: python-pygments-2.4.2-9.fc32 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| Debian -- Security Information -- DSA-4889-1 mediawiki |
DEBIAN |
www.debian.org |
|
| [SECURITY] [DLA 2600-1] pygments security update |
MLIST |
lists.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159462 Oracle Enterprise Linux Security Update for python36:3.6 (ELSA-2021-4150)
- 159463 Oracle Enterprise Linux Security Update for python27:2.7 (ELSA-2021-4151)
- 159560 Oracle Enterprise Linux Security Update for resource-agents (ELSA-2021-9553)
- 178487 Debian Security Update for pygments (DLA 2600-1)
- 178489 Debian Security Update for pygments (DSA 4878-1)
- 178531 Debian Security Update for mediawiki (DSA 4889-1)
- 178584 Debian Security Update for mediawiki (DLA 2648-2)
- 178613 Debian Security Update for mediawiki (DLA 2648-1)
- 179545 Debian Security Update for mediawikipygments (CVE-2021-27291)
- 198315 Ubuntu Security Notification for Pygments Vulnerability (USN-4897-1)
- 199654 Ubuntu Security Notification for Pygments Vulnerabilities (USN-4897-2)
- 239582 Red Hat Update for python27 (RHSA-2021:3252)
- 239798 Red Hat Update for resource-agents security (RHSA-2021:4139)
- 239809 Red Hat Update for python36:3.6 (RHSA-2021:4150)
- 239826 Red Hat Update for python27:2.7 (RHSA-2021:4151)
- 281245 Fedora Security Update for python (FEDORA-2021-3f975f68c8)
- 281246 Fedora Security Update for python (FEDORA-2021-166dfc62b2)
- 296053 Oracle Solaris 11.4 Support Repository Update (SRU) 35.94.4 Missing (CPUJUL2021)
- 355592 Amazon Linux Security Advisory for python3-pygments : ALAS2-2023-2117
- 355791 Amazon Linux Security Advisory for python-pygments : ALAS2-2023-2198
- 501172 Alpine Linux Security Update for py3-pygments
- 670235 EulerOS Security Update for python-pygments (EulerOS-SA-2021-1841)
- 670337 EulerOS Security Update for python-pygments (EulerOS-SA-2021-1887)
- 670435 EulerOS Security Update for python-pygments (EulerOS-SA-2021-2065)
- 670446 EulerOS Security Update for python-pygments (EulerOS-SA-2021-2054)
- 670471 EulerOS Security Update for python-pygments (EulerOS-SA-2021-2228)
- 670683 EulerOS Security Update for python-pygments (EulerOS-SA-2021-2441)
- 751412 SUSE Enterprise Linux Security Update for python-Pygments (SUSE-SU-2021:3841-1)
- 751415 SUSE Enterprise Linux Security Update for python-Pygments (SUSE-SU-2021:3840-1)
- 751428 OpenSUSE Security Update for python-Pygments (openSUSE-SU-2021:3841-1)
- 751429 OpenSUSE Security Update for python-Pygments (openSUSE-SU-2021:3839-1)
- 751444 OpenSUSE Security Update for python-Pygments (openSUSE-SU-2021:1521-1)
- 900162 CBL-Mariner Linux Security Update for python-pygments 2.4.2
- 901938 Common Base Linux Mariner (CBL-Mariner) Security Update for python-pygments (6812-1)
- 903080 Common Base Linux Mariner (CBL-Mariner) Security Update for python-pygments (3982)
- 940186 AlmaLinux Security Update for resource-agents (ALSA-2021:4139)
- 940522 AlmaLinux Security Update for python27:2.7 (ALSA-2021:4151)
- 940566 AlmaLinux Security Update for python36:3.6 (ALSA-2021:4150)
- 960320 Rocky Linux Security Update for python27:2.7 (RLSA-2021:4151)
- 960392 Rocky Linux Security Update for python36:3.6 (RLSA-2021:4150)
- 960815 Rocky Linux Security Update for resource-agents (RLSA-2021:4139)
- 982634 Python (pip) Security Update for Pygments (GHSA-pq64-v7f5-gqh8)
