First published: Fri Jan 08 2016(Updated: )
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =15.04 | |
Canonical Ubuntu Linux | =15.10 | |
Pygments Pygments | =1.2.2 | |
Pygments Pygments | =1.3 | |
Pygments Pygments | =1.3.1 | |
Pygments Pygments | =1.4 | |
Pygments Pygments | =1.5 | |
Pygments Pygments | =1.6 | |
Pygments Pygments | =1.6-rc1 | |
Pygments Pygments | =2.0 | |
Pygments Pygments | =2.0-rc1 | |
Pygments Pygments | =2.0.1 | |
pip/Pygments | >=1.2.2<2.1 | 2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.