VulnerableCode Package Details - pkg:deb/debian/pygments@2.3.1%2Bdfsg-1%2Bdeb10u2

Search for packages

Vulnerability	Summary	Fixed by
VCID-gkzq-thjf-z7fa Aliases: CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140	An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.	2.7.1+dfsg-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-p93c-damj-kbec Aliases: CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.	2.7.1+dfsg-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-gkzq-thjf-z7fa
Aliases:
CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

2.7.1+dfsg-2.1
Affected by 1 other vulnerability.

VCID-p93c-damj-kbec
Aliases:
CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

2.7.1+dfsg-2.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-gkzq-thjf-z7fa	An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.	CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140
VCID-p93c-damj-kbec	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.	CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141

Vulnerability

Summary

Aliases

VCID-gkzq-thjf-z7fa

CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140

VCID-p93c-damj-kbec

CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T17:00:59.306467+00:00	Debian Oval Importer	Affected by	VCID-p93c-damj-kbec	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:56:16.526684+00:00	Debian Oval Importer	Affected by	VCID-gkzq-thjf-z7fa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:27:15.044336+00:00	Debian Oval Importer	Fixing	VCID-gkzq-thjf-z7fa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:12:08.088503+00:00	Debian Oval Importer	Fixing	VCID-p93c-damj-kbec	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0