pygments

Pygments’ long-running role as Python’s go-to syntax highlighter collided with a classic but under-appreciated risk in March 2021: several lexer regular expressions exhibited exponential or cubic worst‑case complexity, allowing crafted input to trigger a Regular Expression Denial of Service...

An innocuous-looking three-character input — the Standard ML token exception — quietly exposed a logic flaw in the popular Python syntax-highlighting library Pygments, allowing attackers to force an infinite loop in the SML lexer and cause a denial-of-service condition across any system that...