CVE-2022-40896
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-40896
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-40896.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-40896
- Aliases
- Downstream
- Related
- Published
- 2023-07-19T15:15:10Z
- Modified
- 2025-10-08T05:17:03.672774Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.
- References
-
- https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/
- https://pypi.org/project/Pygments/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/
Affected packages
Git / github.com/pygments/pygments
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pygments/pygments
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
0.*
0.10
0.11
0.11.1
0.5
0.5.1
0.6
0.7
0.7.1
0.8
0.8.1
0.9
1.*
1.0
1.1
1.1.1
1.2
1.2.1
1.2.2
1.3
1.3.1
1.4
1.5
1.6
1.6rc1
2.*
2.0
2.0.1
2.0.2
2.0rc1
2.1
2.1.1
2.1.2
2.1.3
2.10.0
2.11.0
2.11.1
2.11.2
2.12.0
2.13.0
2.14.0
2.15.0
2.2.0
2.3.0
2.3.1
2.4.0
2.4.1
2.4.2
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.8.0
2.9.0