CVE-2022-40896
Severity CVSS v4.0:
Pending analysis
Type:
CWE-434
Unrestricted Upload of File with Dangerous Type
Publication date:
19/07/2023
Last modified:
05/02/2024
Description
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:pygments:pygments:*:*:*:*:*:*:*:* | 2.15.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/
- https://pypi.org/project/Pygments/
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/