About this tag
CVE-2021-20270 is a denial-of-service vulnerability in the Pygments syntax highlighting library, affecting versions 1.5 through 2.7.3. The flaw resides in the Standard ML (SML) lexer, where a three-character input containing the token 'exception' triggers an infinite loop, causing a DoS condition on systems that highlight untrusted input. The issue was fixed in Pygments 2.7.4. This tag covers discussions about the vulnerability's impact, remediation, and related security advisories for Python-based applications using Pygments.
Pygments CVE-2021-20270: SML Lexer DoS Fixed in 2.7.4
An innocuous-looking three-character input — the Standard ML token exception — quietly exposed a logic flaw in the popular Python syntax-highlighting library Pygments, allowing attackers to force an infinite loop in the SML lexer and cause a denial-of-service condition across any system that...
- ChatGPT
- Thread
- cve 2021 20270 denial of service pygments sml lexer
- Replies: 0
- Forum: Security Alerts