Safety CI > alphagov/notifications-api

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

bbf02402

small query test

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

e67605dd

Write tests to check that multiple rates handled correctly Co-authored-by: Leo Hemsted <leo.hemsted

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

d25d0bdd

refactor subquery

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

dac2ec12

Refactor and write tests to check that multiple rates handled correctly Co-authored-by: Leo Hemsted

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

7ef7f86e

Refactor and write tests to check that multiple rates handled correctly Co-authored-by: Leo Hemsted

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

f041077d

Refactor and write tests to check that multiple rates handled correctly

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

c81b6c84

Refactor and write tests to check that multiple rates handled correctly

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

121511bd

Refactor and write tests to check that multiple rates handled correctly

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

marshmallow

3 years, 10 months ago

0418e994

Replace `dump_to` with `data_key` https://marshmallow.readthedocs.io/en/stable/upgrading.html#load-

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

master

3 years, 10 months ago

bb62d22f

Merge pull request #3526 from alphagov/remove-reach Remove support for Reach provider

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

remove-reach

3 years, 10 months ago

c27107fa

Remove support for Reach provider This provider was never active and support was never completed, s

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

tidy-up-usage-tests-181934027

3 years, 10 months ago

52b2982b

Rename test_ft_billing... to match file under test This tripped me up several times when modifying

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

tidy-up-usage-tests-181934027

3 years, 10 months ago

8182a578

Rename test_ft_billing... to match file under test This tripped me up several times when modifying

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

marshmallow

3 years, 10 months ago

a52071b2

Replace how .dump is called to work with the latest version

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

marshmallow

3 years, 10 months ago

4acc366a

Replace how .dump is called to work with the latest version

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331