CVE-2021-20270

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-20270

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20270.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-20270

Aliases

Downstream

ALPINE-CVE-2021-20270

DEBIAN-CVE-2021-20270

DLA-2590-1

DLA-2648-1

DSA-4870-1

DSA-4889-1

OESA-2021-1154

RHSA-2021:0781

RHSA-2021:3252

RHSA-2021:4139

RHSA-2021:4150

RHSA-2021:4151

SUSE-SU-2021:1500-1

SUSE-SU-2021:3473-1

UBUNTU-CVE-2021-20270

USN-4885-1

USN-4897-2

openSUSE-SU-2021:1402-1

openSUSE-SU-2024:13208-1

Related

Published

2021-03-23T17:15:13.827Z

Modified

2025-11-14T11:04:54.487307Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

References

Affected packages

Git / github.com/pygments/pygments

Affected ranges

Type: GIT
Repo: https://github.com/pygments/pygments
Events: Introduced

bb81e6c194547874e37304681e0b44b85ee77127

Last affected

ccd14b98092c7189452cfbe825158c434b90b9cc

Affected versions

1.*

1.5

1.6

1.6rc1

2.*

2.0

2.0.1

2.0.2

2.0rc1

2.1

2.1.1

2.1.2

2.1.3

2.2.0

2.3.0

2.3.1

2.4.0

2.4.1

2.4.2

2.5.0

2.5.1

2.5.2

2.6.0

2.6.1

2.7.0

2.7.1

2.7.2

2.7.3