CVE-2021-27291: Uncontrolled Resource Consumption
In Pygments, the lexers used to parse programming languages rely heavily on regular expressions. Some of these regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
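One way to contain this class of bug in a service that runs regex-driven code on untrusted text is to cap the input size and run the work in a child process with a hard time limit. This is an added example, not Pygments code or the project's fix. The pattern is a constructed textbook one, not a Pygments lexer regex, and `match_with_budget`, `MAX_INPUT_BYTES` and `TIME_BUDGET_S` are hypothetical names and values. A real deployment would call the highlighter in the child instead of `re.match`.

```python
import subprocess
import sys

# Constructed textbook pattern with nested quantifiers (exponential backtracking).
# It is NOT one of the Pygments lexer regexes; it only stands in for that class.
CONSTRUCTED_PATTERN = r"(a+)+$"

MAX_INPUT_BYTES = 64 * 1024   # assumed cap; tune to the largest snippet you accept
TIME_BUDGET_S = 2.0           # assumed wall-clock budget per request

# Child program: the pattern arrives in argv and the text on stdin, so the
# untrusted text never becomes part of a command line or of source code.
_CHILD = (
    "import re, sys\n"
    "text = sys.stdin.read()\n"
    "print('match' if re.match(sys.argv[1], text) else 'nomatch')\n"
)


def match_with_budget(pattern, text, budget=TIME_BUDGET_S):
    """Run re.match in a child interpreter.

    Returns 'match', 'nomatch', 'rejected' (input too large)
    or 'timeout' (time budget exceeded).
    """
    if len(text.encode("utf-8")) > MAX_INPUT_BYTES:
        return "rejected"
    try:
        done = subprocess.run(
            [sys.executable, "-c", _CHILD, pattern],
            input=text, capture_output=True, text=True,
            timeout=budget, check=True,
        )
    except subprocess.TimeoutExpired:
        # subprocess.run kills the child before raising, so the CPU is released.
        return "timeout"
    return done.stdout.strip()


if __name__ == "__main__":
    # Constructed sample inputs: one ordinary, one worst case for the pattern above.
    for sample in ("aaaa", "a" * 40 + "!"):
        print(len(sample), match_with_budget(CONSTRUCTED_PATTERN, sample))
```

A `timeout` result is worth logging with the input size and source, since repeated timeouts from one client are a usable detection signal for this kind of denial of service.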
Detect and mitigate CVE-2021-27291 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.