OESA-2021-1154 — Vulnetix

OESA-2021-1154 PUBLISHED CVSS 9.199999809265137 CRITICAL

Security Fix(es): In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.(CVE-2021-27291) An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.(CVE-2021-20270)

Risk Scores

CVSS v4.0

9.199999809265137

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
openEuler:20.03-LTS-SP1	python-pygments	0, 0

Timeline

May 6, 2021 CVE Published
Sep 3, 2025 CVE Updated
May 2, 2026 Security Advisory
May 2, 2026 Security Advisory

References

https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1154 advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-27291 advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-20270 advisory

Open in Interactive Console →