Safety CI > alphagov/notifications-api

marshmallow

3 years, 10 months ago

a52071b2

Replace how .dump is called to work with the latest version

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

marshmallow

3 years, 10 months ago

4acc366a

Replace how .dump is called to work with the latest version

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

marshmallow

3 years, 10 months ago

56b96dca

Replace how .dump is called to work with the latest version

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

c186c393

Refactor and write tests to check that multiple rates handled correctly

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

c5efd8b1

Fix some tests, also cast integer

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

fix-apr-rate

3 years, 10 months ago

6d47d97b

add revision to fix apr rate this will update about 80-90k rows in ft billing

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

marshmallow

3 years, 10 months ago

1bd5a55a

Replace how .dump is called to work with the latest version

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

marshmallow

3 years, 10 months ago

c671037b

wip

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

master

3 years, 10 months ago

66bc11bb

Merge pull request #3520 from alphagov/free-allowance-api-181934027 Extend service usage APIs with

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

fix-apr-rate

3 years, 10 months ago

6fd8887c

add revision to fix apr rate this will update about 80-90k rows in ft billing

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

fix-apr-rate

3 years, 10 months ago

e1a62faf

add revision to fix apr rate this will update about 80-90k rows in ft billing diff --git a/migrati

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

marshmallow

3 years, 10 months ago

dda591f9

wip

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

12c6fdf3

Fix some tests, also cast integer

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

remove-reach

3 years, 10 months ago

69a70d95

Remove support for Reach provider This provider was never active and support was never completed, s

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

multiple_rates_sql_magic_for_org_view

3 years, 10 months ago

48bf9320

use new query in sms org billing aggregation WIP

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331