Pygments known bugs
Ecosystem: pypi. 9 known bugs in Pygments, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
Known bugs
| Severity | Affected | Fixed in | Title | Description | Status | Source |
|---|---|---|---|---|---|---|
| high | 1.1 | 2.7.4 | Pygments vulnerable to Regular Expression Denial of Service (ReDoS) | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | fixed | osv:GHSA-pq64-v7f5-gqh8 |
| high | 1.5 | 2.7.4 | Infinite Loop in Pygments | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | fixed | osv:GHSA-9w8r-397f-prfh |
| medium | any | 2.15.1 | PYSEC-2023-117: advisory | A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. | fixed | osv:PYSEC-2023-117 |
| medium | any | 2e7e8c4a7b318f4032493773732754e418279a14 | PYSEC-2021-141: advisory | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | fixed | osv:PYSEC-2021-141 |
| medium | 1.5 | 2.7.4 | PYSEC-2021-140: advisory | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | fixed | osv:PYSEC-2021-140 |
| medium | 1.2.2 | 2.1 | PYSEC-2016-32: advisory | The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. | fixed | osv:PYSEC-2016-32 |
| medium | any | 2.15.0 | Pygments vulnerable to ReDoS | A ReDoS issue was discovered in `pygments/lexers/smithy.py` in Pygments until 2.15.0 via SmithyLexer. | fixed | osv:GHSA-mrwq-x4v8-fh7p |
| low | any | 2.20.0 | Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching | A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | fixed | osv:GHSA-5239-wwwm-4pmq |
| critical | 1.2.2 | 2.1 | Command Injection in Pygments | The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. | fixed | osv:GHSA-fff8-4w9p-7v76 |
API access
Get this data programmatically: free, no authentication.

```shell
curl https://depscope.dev/api/bugs/pypi/Pygments
```