Moderate severityNVD Advisory· Published Jul 19, 2023· Updated Nov 27, 2024
CVE-2022-40896
CVE-2022-40896
Description
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PygmentsPyPI | < 2.15.0 | 2.15.0 |
Affected products
2Patches
Vulnerability mechanics
References
15- github.com/advisories/GHSA-mrwq-x4v8-fh7pghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2022-40896ghsaADVISORY
- github.com/pygments/pygments/blob/master/pygments/lexers/smithy.pyghsaWEB
- github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194ghsaWEB
- github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04ghsaWEB
- github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2023-117.yamlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBOghsaWEB
- pypi.org/project/PygmentsghsaWEB
- pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2ghsaWEB
- pypi.org/project/Pygments/mitre
- pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/mitre
News mentions
0No linked articles in our index yet.