Search for packages
| purl | pkg:rpm/redhat/python27-python-pygments@1.5-5?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-437r-g9sm-6yfx
Aliases: CVE-2020-28493 GHSA-g3rq-g295-4j3m PYSEC-2021-66 SNYK-PYTHON-JINJA2-1012994 |
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. | There are no reported fixed by versions. |
|
VCID-5fn7-dq9z-b7hc
Aliases: CVE-2020-27619 |
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | There are no reported fixed by versions. |
|
VCID-c973-6cpz-q3cz
Aliases: CVE-2021-42771 GHSA-h4m5-qpfp-3mpv PYSEC-2021-421 |
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. | There are no reported fixed by versions. |
|
VCID-cz6q-73vy-tbcf
Aliases: CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140 |
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | There are no reported fixed by versions. |
|
VCID-ga74-8ch9-a3hc
Aliases: CVE-2021-3177 |
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | There are no reported fixed by versions. |
|
VCID-jegx-yjsf-hqe6
Aliases: CVE-2021-20095 |
python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code | There are no reported fixed by versions. |
|
VCID-qa6e-abwc-47a4
Aliases: CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141 |
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | There are no reported fixed by versions. |
|
VCID-wnxx-rc7w-cke4
Aliases: CVE-2021-23336 |
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) When the attacker can separate query parameters using a semicolon (`;`), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||