GHSA-77mv-mp2j-gxxh: pygmentize Remote Code Execution

May 15, 2024

pygmentize is prone to remote code execution due to an unsafe sanitazation of user input when passed to the highlight function.

References

github.com/FriendsOfPHP/security-advisories/blob/master/3f/pygmentize/2017-05-15.yaml
github.com/advisories/GHSA-77mv-mp2j-gxxh
github.com/dedalozzo/pygmentize
github.com/dedalozzo/pygmentize/issues/1
github.com/dedalozzo/pygmentize/pull/3

Detect and mitigate GHSA-77mv-mp2j-gxxh with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →