Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
mediawiki to version 1:1.27.7-1~deb9u8 or higher.