vulnerability
Oracle Linux: CVE-2021-27291: ELSA-2021-4150: python36:3.6 security and bug fix update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jan 11, 2021 | Nov 19, 2021 | Dec 3, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Jan 11, 2021
Added
Nov 19, 2021
Modified
Dec 3, 2025
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denying access to the service.
A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denying access to the service.
Solutions
oracle-linux-upgrade-babeloracle-linux-upgrade-python2oracle-linux-upgrade-python2-attrsoracle-linux-upgrade-python2-babeloracle-linux-upgrade-python2-backportsoracle-linux-upgrade-python2-backports-ssl-match-hostnameoracle-linux-upgrade-python2-bsonoracle-linux-upgrade-python2-chardetoracle-linux-upgrade-python2-coverageoracle-linux-upgrade-python2-cythonoracle-linux-upgrade-python2-debugoracle-linux-upgrade-python2-develoracle-linux-upgrade-python2-dnsoracle-linux-upgrade-python2-docsoracle-linux-upgrade-python2-docs-infooracle-linux-upgrade-python2-docutilsoracle-linux-upgrade-python2-funcsigsoracle-linux-upgrade-python2-idnaoracle-linux-upgrade-python2-ipaddressoracle-linux-upgrade-python2-jinja2oracle-linux-upgrade-python2-libsoracle-linux-upgrade-python2-lxmloracle-linux-upgrade-python2-markupsafeoracle-linux-upgrade-python2-mockoracle-linux-upgrade-python2-noseoracle-linux-upgrade-python2-numpyoracle-linux-upgrade-python2-numpy-docoracle-linux-upgrade-python2-numpy-f2pyoracle-linux-upgrade-python2-piporacle-linux-upgrade-python2-pip-wheeloracle-linux-upgrade-python2-pluggyoracle-linux-upgrade-python2-psycopg2oracle-linux-upgrade-python2-psycopg2-debugoracle-linux-upgrade-python2-psycopg2-testsoracle-linux-upgrade-python2-pyoracle-linux-upgrade-python2-pygmentsoracle-linux-upgrade-python2-pymongooracle-linux-upgrade-python2-pymongo-gridfsoracle-linux-upgrade-python2-pymysqloracle-linux-upgrade-python2-pysocksoracle-linux-upgrade-python2-pytestoracle-linux-upgrade-python2-pytest-mockoracle-linux-upgrade-python2-pytzoracle-linux-upgrade-python2-pyyamloracle-linux-upgrade-python2-requestsoracle-linux-upgrade-python2-rpm-macrosoracle-linux-upgrade-python2-scipyoracle-linux-upgrade-python2-setuptoolsoracle-linux-upgrade-python2-setuptools-scmoracle-linux-upgrade-python2-setuptools-wheeloracle-linux-upgrade-python2-sixoracle-linux-upgrade-python2-sqlalchemyoracle-linux-upgrade-python2-testoracle-linux-upgrade-python2-tkinteroracle-linux-upgrade-python2-toolsoracle-linux-upgrade-python2-urllib3oracle-linux-upgrade-python2-virtualenvoracle-linux-upgrade-python2-wheeloracle-linux-upgrade-python2-wheel-wheeloracle-linux-upgrade-python36oracle-linux-upgrade-python36-debugoracle-linux-upgrade-python36-develoracle-linux-upgrade-python36-rpm-macrosoracle-linux-upgrade-python3-bsonoracle-linux-upgrade-python3-distrooracle-linux-upgrade-python3-docsoracle-linux-upgrade-python3-docutilsoracle-linux-upgrade-python3-noseoracle-linux-upgrade-python3-pygmentsoracle-linux-upgrade-python3-pymongooracle-linux-upgrade-python3-pymongo-gridfsoracle-linux-upgrade-python3-pymysqloracle-linux-upgrade-python3-scipyoracle-linux-upgrade-python3-sqlalchemyoracle-linux-upgrade-python3-virtualenvoracle-linux-upgrade-python3-wheeloracle-linux-upgrade-python3-wheel-wheeloracle-linux-upgrade-python-nose-docsoracle-linux-upgrade-python-psycopg2-docoracle-linux-upgrade-python-pymongo-docoracle-linux-upgrade-python-sqlalchemy-docoracle-linux-upgrade-python-virtualenv-docoracle-linux-upgrade-resource-agents
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.