Safety CI > alphagov/notifications-api

remove-provider-rates

3 years, 9 months ago

51646af9

remove provider_rates table this was added five years ago but never used. if we want to bring back

No dependencies with known security vulnerabilities.

cleanup-user-tests

3 years, 9 months ago

091d255d

clean up user tests an API build failed because one of the tests expected the database to be empty,

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

master

3 years, 9 months ago

43206b16

Merge pull request #3532 from alphagov/utils-bump bump utils

No dependencies with known security vulnerabilities.

utils-bump

3 years, 9 months ago

cc3035a1

bump utils mostly to get rid of the security warning on pypdf2

No dependencies with known security vulnerabilities.

cleanup-user-tests

3 years, 9 months ago

fdbb877b

clean up user tests an API build failed because one of the tests expected the database to be empty,

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

master

3 years, 9 months ago

7493daff

Merge pull request #3530 from alphagov/fix update migration script numbers

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

fix

3 years, 9 months ago

cc285fa4

update migration script numbers

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

master

3 years, 9 months ago

503c5e1e

Merge pull request #3527 from alphagov/fix-apr-rate add revision to fix apr rate

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

8985b245

Ensure org billing tests have AnnualBilling for all services we add a row in AnnualBilling table wh

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

1409e5f6

Ensure org billing tests have AnnualBilling for all services we add a row in AnnualBilling table wh

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

7d63a01f

Ensure org billing tests have AnnualBilling for all services we add a row in AnnualBilling table wh

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

d0001aee

Use the new subquery in fetch_sms_billing_for_organisation() This is so we have granular data about

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

bbf02402

small query test

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

e67605dd

Write tests to check that multiple rates handled correctly Co-authored-by: Leo Hemsted <leo.hemsted

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

d25d0bdd

refactor subquery

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331