CVE-2022-40896

EUVD-2023-0215
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
pygmentspygments
𝑥
≤ 2.15.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pygments
bookworm
no-dsa
bullseye
no-dsa
buster
no-dsa
sid
2.18.0+dfsg-1
fixed
trixie
2.18.0+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pygments
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/
https://pypi.org/project/Pygments/
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/
https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/
https://pypi.org/project/Pygments/
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/