| Title | pygments <=2.19.2 Denial of Service |
|---|---|
| Description | A Regular Expression Denial of Service (ReDoS) vulnerability exists in the pygments project at pygments/lexers/archetype.py (line 296). The regex pattern `(\d\|[a-fA-F])+(-(\d\|[a-fA-F])+){3,}` designed for GUID matching contains nested repeating quantifiers, leading to catastrophic backtracking when processing partially matching malicious input. This results in severe performance degradation and can block the application thread indefinitely with sufficiently large input, complying with CWE-1333 (Inefficient Regular Expression Complexity). More details: https://github.com/pygments/pygments/issues/3058 |
| Source | https://github.com/pygments/pygments/issues/3058 |
| User | ybdesire (UID 83239) |
| Submitted | 2026-03-07 01:06 PM (2 months ago) |
| Moderation | 2026-03-21 10:10 AM (14 days later) |
| Status | Accepted |
| VulDB entry | 352327 [pygments up to 2.19.2 archetype.py AdlLexer denial of service] |
| Points | 20 |