Pygments
A regular expression denial-of-service (ReDoS) vulnerability exists in Pygments up to version 2.19.2, specifically in the AdlLexer component within pygments/lexers/archetype.py. An attacker with local access can craft malicious input that triggers inefficient regex pattern matching, causing high CPU consumption and service degradation. A public proof-of-concept exploit is available. Exploitation requires local access and low privileges, which gives a CVSS score of 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P).