Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03N212LW1wMmotZ3h4aM4AA8GF
pygmentize Remote Code Execution
pygmentize is prone to remote code execution due to an unsafe sanitazation of user input when passed to the highlight function.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03N212LW1wMmotZ3h4aM4AA8GF
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 7 months ago
Updated: 7 months ago
CVSS Score: 8.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-77mv-mp2j-gxxh
References:
- https://github.com/dedalozzo/pygmentize/issues/1
- https://github.com/dedalozzo/pygmentize/pull/3
- https://github.com/FriendsOfPHP/security-advisories/blob/master/3f/pygmentize/2017-05-15.yaml
- https://github.com/advisories/GHSA-77mv-mp2j-gxxh
Blast Radius: 6.3
Affected Packages
packagist:3f/pygmentize
Dependent packages: 1Dependent repositories: 6
Downloads: 837 total
Affected Version Ranges: < 1.2
Fixed in: 1.2
All affected versions:
All unaffected versions: