Severity.io | CVE-2021-20270

Description

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Related CPE's

a pygments pygments ********

a redhat openshift_container_platform 3.11 *******

a redhat openshift_container_platform 4.0 *******

a redhat openstack_platform 10.0 *******

a redhat software_collections -*******

o redhat enterprise_linux 7.0 *******

o redhat enterprise_linux 8.0 *******

o fedoraproject fedora 33 *******

References

https://bugzilla.redhat.com/show_bug.cgi?id=1922136

Issue TrackingPatchThird Party Advisory

DSA-4889

CvssV3 impact

Version	3.1
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AttackVector	NETWORK
AttackComplexity	LOW
PrivilegesRequired	NONE
UserInteraction	NONE
Scope	UNCHANGED
ConfidentialityImpact	NONE
IntegrityImpact	NONE
AvailabilityImpact	HIGH
BaseScore	7.5
BaseSeverity	HIGH

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:L/Au:N/C:N/I:N/A:P
AccessVector	NETWORK
AccessComplexity	LOW
Authentication	NONE
ConfidentialityImpact	NONE
IntegrityImpact	NONE
AvailabilityImpact	PARTIAL
BaseScore	5