{"id":"PYSEC-2023-117","details":"A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.","aliases":["CVE-2022-40896","GHSA-mrwq-x4v8-fh7p"],"modified":"2023-11-08T04:10:25.980632Z","published":"2023-07-19T15:15:00Z","references":[{"type":"PACKAGE","url":"https://pypi.org/project/Pygments/"},{"type":"WEB","url":"https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/"},{"type":"WEB","url":"https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61"}],"affected":[{"package":{"name":"pygments","ecosystem":"PyPI","purl":"pkg:pypi/pygments"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.15.1"}]}],"versions":["0.10","0.11","0.11.1","0.5","0.5.1","0.6","0.7","0.7.1","0.8","0.8.1","0.9","1.0","1.1","1.1.1","1.2","1.2.1","1.2.2","1.3","1.3.1","1.4","1.5","1.6","1.6rc1","2.0","2.0.1","2.0.2","2.0rc1","2.1","2.1.1","2.1.2","2.1.3","2.10.0","2.11.0","2.11.1","2.11.2","2.12.0","2.13.0","2.14.0","2.15.0","2.2.0","2.3.0","2.3.1","2.4.0","2.4.1","2.4.2","2.5.1","2.5.2","2.6.0","2.6.1","2.7.0","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.1","2.9.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2023-117.yaml"}}],"schema_version":"1.7.3"}