{"id":"CVE-2022-40896","details":"A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.","aliases":["GHSA-mrwq-x4v8-fh7p","PYSEC-2023-117"],"modified":"2026-04-10T04:50:59.345633Z","published":"2023-07-19T15:15:10.007Z","related":["MGASA-2024-0107"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/"},{"type":"ADVISORY","url":"https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61"},{"type":"FIX","url":"https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/"},{"type":"PACKAGE","url":"https://pypi.org/project/Pygments/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pygments/pygments","events":[{"introduced":"0"},{"last_affected":"6c187ad83267be9ce142af3fd5c9e670339dc7aa"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.15.0"}]}}],"versions":["2.1.1","2.10.0","2.11.0","2.11.1","2.11.2","2.12.0","2.13.0","2.14.0","2.15.0","2.4.1","2.4.2","2.5.0","2.5.1","2.5.2","2.6.0","2.6.1","2.7.0","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40896.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}