CVE-2021-20270

Published: 23/03/2021 Updated: 10/12/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Vulnerable Product

pygments pygments

redhat openshift container platform 3.11

redhat openshift container platform 4.0

redhat openstack platform 10.0

redhat software collections -

redhat enterprise linux 7.0

redhat enterprise linux 8.0

fedoraproject fedora 33

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #984664 pygments: CVE-2021-20270. Package: src:pygments; Maintainer for src:pygments is Piotr Ożarowski <piotr@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 6 Mar 2021 19:45:02 UTC; Severity: important; Tags: security, upstream; Found in version pygments/2.7.1+d ...
It was discovered that Pygments, a syntax highlighting package written in Python, could be forced into an infinite loop, resulting in denial of service. For the stable distribution (buster), this problem has been fixed in version 2.3.1+dfsg-1+deb10u1. We recommend that you upgrade your pygments packages. For the detailed security status of pygments ...
Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in incomplete page/blocking protection, denial of service or cross-site scripting. For the stable distribution (buster), these problems have been fixed in version 1:1.31.14-1~deb10u1. We recommend that you upgrade your mediawiki packages. F ...
A security issue was found in python-pygments version 1.5 up to 2.7.3. When the SMLLexer gets fed the string "exception", it loops indefinitely, leading to denial of service. The issue is fixed in python-pygments version 2.7.4 ...

Github Repositories

This tool is used for backdoor, shellcode generation, information retrieval and POC arrangement for various architecture devices

hackebds: Foreword. In the process of penetration and vulnerability mining of embedded devices, many problems have been encountered. One is that some devices do not have telnetd or ssh services to obtain an interactive shell. Some devices are protected by firewall and cannot be connected to it in the forward direction. Reverse_shell is required, and the other