PublicDateAtUSN: 2021-03-09 00:00:00 UTC
Candidate: CVE-2021-20270
PublicDate: 2021-03-23 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
 https://ubuntu.com/security/notices/USN-4885-1
Description:
 An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to
 denial of service when performing syntax highlighting of a Standard ML
 (SML) source file, as demonstrated by input that only contains the
 "exception" keyword.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664
 https://github.com/pygments/pygments/issues/1625
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_pygments:
 upstream: https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333
upstream_pygments: pending (2.7.4)
precise/esm_pygments: ignored (end of ESM support, was needs-triage)
trusty_pygments: ignored (out of standard support)
trusty/esm_pygments: needs-triage
xenial_pygments: released (2.1+dfsg-1ubuntu0.1)
esm-infra/xenial_pygments: released (2.1+dfsg-1ubuntu0.1)
bionic_pygments: released (2.2.0+dfsg-1ubuntu0.1)
focal_pygments: released (2.3.1+dfsg-1ubuntu2.1)
groovy_pygments: released (2.3.1+dfsg-4ubuntu0.1)
hirsute_pygments: released (2.7.1+dfsg-2)
impish_pygments: released (2.7.1+dfsg-2)
jammy_pygments: released (2.7.1+dfsg-2)
devel_pygments: released (2.7.1+dfsg-2)