vulnerability
Oracle Linux: CVE-2021-27291: ELSA-2021-4151: python27:2.7 security update (MODERATE) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Jan 11, 2021 | Nov 19, 2021 | Jan 7, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Jan 11, 2021
Added
Nov 19, 2021
Modified
Jan 7, 2025
Description
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denying access to the service.
A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denying access to the service.
Solution(s)
oracle-linux-upgrade-python36oracle-linux-upgrade-python36-debugoracle-linux-upgrade-python36-develoracle-linux-upgrade-python36-rpm-macrosoracle-linux-upgrade-python3-bsonoracle-linux-upgrade-python3-distrooracle-linux-upgrade-python3-docsoracle-linux-upgrade-python3-docutilsoracle-linux-upgrade-python3-noseoracle-linux-upgrade-python3-pygmentsoracle-linux-upgrade-python3-pymongooracle-linux-upgrade-python3-pymongo-gridfsoracle-linux-upgrade-python3-pymysqloracle-linux-upgrade-python3-scipyoracle-linux-upgrade-python3-sqlalchemyoracle-linux-upgrade-python3-virtualenvoracle-linux-upgrade-python3-wheeloracle-linux-upgrade-python3-wheel-wheeloracle-linux-upgrade-python-nose-docsoracle-linux-upgrade-python-pymongo-docoracle-linux-upgrade-python-sqlalchemy-docoracle-linux-upgrade-python-virtualenv-docoracle-linux-upgrade-resource-agents

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.