Safety CI > alphagov/notifications-api

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

8548da4d

Update requests from 2.26.0 to 2.27.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

f0f81c44

Update redis from 3.5.3 to 4.2.2

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

8b8a5ee7

Update pyyaml from 5.4.1 to 6.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

7e3ed087

Update pytz from 2021.3 to 2022.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

87578784

Update pyrsistent from 0.18.0 to 0.18.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

b10fcd83

Update pyproj from 3.2.1 to 3.3.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

ca84b996

Update pypdf2 from 1.26.0 to 1.27.9

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

862a6092

Update pyparsing from 3.0.1 to 3.0.8

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

299a1061

Update pycparser from 2.20 to 2.21

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

d4c516f1

Update phonenumbers from 8.12.36 to 8.12.47

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

34e7ed7c

Update prompt-toolkit from 3.0.21 to 3.0.29

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

712c1af6

Update packaging from 21.0 to 21.3

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

3a0e532d

Update mistune from 0.8.4 to 2.0.2

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

455f23d7

Update marshmallow-sqlalchemy from 0.23.1 to 0.28.0

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

pyup-scheduled-update-2022-04-27

3 years, 10 months ago

3c9e46ff

Update marshmallow from 2.21.0 to 3.15.0

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331