FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: cdc685b5-1724-49a1-ad57-2eaab68e9cc0
Description: py-pygments -- multiple DoS vulnerabilities

Red Hat reports:

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Ben Caller reports:

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions.

Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS.

By crafting malicious input, an attacker can cause a denial of service.


Discovery: 2021-03-17
Entry: 2023-08-31

Affected packages:
py37-pygments < 2.7.4
py38-pygments < 2.7.4
py39-pygments < 2.7.4
py310-pygments < 2.7.4
py311-pygments < 2.7.4
py37-pygments-25 < 2.7.4
py38-pygments-25 < 2.7.4
py39-pygments-25 < 2.7.4
py310-pygments-25 < 2.7.4
py311-pygments-25 < 2.7.4

CVE-2021-20270
https://osv.dev/vulnerability/PYSEC-2021-140
https://osv.dev/vulnerability/GHSA-9w8r-397f-prfh
CVE-2021-27291
https://osv.dev/vulnerability/PYSEC-2021-141
https://osv.dev/vulnerability/GHSA-pq64-v7f5-gqh8