GHSA-77mv-mp2j-gxxh

Source
https://github.com/advisories/GHSA-77mv-mp2j-gxxh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-77mv-mp2j-gxxh/GHSA-77mv-mp2j-gxxh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-77mv-mp2j-gxxh
Published
2024-05-15T17:36:47Z
Modified
2024-11-29T05:25:19.558773Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
pygmentize Remote Code Execution
Details

pygmentize is prone to remote code execution due to unsafe sanitization of user input passed to the highlight function.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T17:36:47Z"
}
References

Affected packages

Packagist / 3f/pygmentize

Package

Name
3f/pygmentize
Purl
pkg:composer/3f/pygmentize

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2

Affected versions

1.*

1.0
1.1