PyPi: Directory-Constants

CVE-2022-28347

Transitive

Safety vulnerability ID: 53724

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 12, 2022 Updated at Apr 11, 2024
Scan your Python projects for vulnerabilities →

Advisory

Directory-constants 21.3.0 updates its 'Django' requirement to '>=2.2.28,<=3.2.13' to include security fixes.

Affected package

directory-constants

Latest version: 24.1.3

Constant values shared between Directory apps.

Affected versions

Fixed versions

Vulnerability changelog

[Full Changelog](https://github.com/uktrade/directory-constants/pull/171/files) (2023-03-17)
Enhancement
- KLS-449 - Upgrade Django to 3.2.18
[23.0.0](https://pypi.org/project/directory-constants/22.0.2/) (2023-2-15)
- Change gov uk link to Department of business and trade
[22.0.2](https://pypi.org/project/directory-constants/22.0.2/) (2023-2-15)
- KLS-398 - Update django requires to less than 4.0.0

[22.0.0](https://pypi.org/project/directory-constants/22.0.0/) (2022-8-18)
- GLS-383 - Dependencies upgrade

[21.5.0](https://pypi.org/project/directory-constants/21.5.0/) (2022-8-15)
- GLS-371 Update Django to security-patched version 3.2.15
[21.4.0](https://pypi.org/project/directory-constants/21.4.0/) (2022-7-7)
- GLS-298 Update Django to security-patched version 3.2.14

[21.3.0](https://pypi.org/project/directory-constants/21.3.0/) (2022-4-27)
- GLS-190 Update Django to security-patched version 3.2.13

[21.2.0](https://pypi.org/project/directory-constants/21.2.0/) (2022-2-10)
- GLS-99 Django upgrade

[21.1.0](https://pypi.org/project/directory-constants/21.1.0/) (2021-9-24)
- GP2-3404 fix-header-links

[21.0.3](https://pypi.org/project/directory-constants/21.0.3/) (2021-09-06)
- NOTICKET - Updated setup for django version

[21.0.2](https://pypi.org/project/directory-constants/21.0.2/) (2021-09-06)
- GP2-3281 - Update international contact url

[21.0.0](https://pypi.org/project/directory-constants/21.0.0/) (2021-06-24)
- NOTICKET - Updated Django

[20.28.1](https://pypi.org/project/directory-constants/20.28.1/) (2021-05-14)
- NOTICKET - Update Django to security-patched version 3.1.11

[20.28.0](https://pypi.org/project/directory-constants/20.28.0/) (2021-04-28)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/155/files)
- GP2-2358 - Update contact us URL for mange

[20.27.0](https://pypi.org/project/directory-constants/20.27.0/) (2021-04-27)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/154/files)
- GP2-2332 - minor tweaks for magna urls
[20.26.0](https://pypi.org/project/directory-constants/20.26.0/) (2021-04-16)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/152/files)
- GP2-2256-magna header/footer urls to directory-components
[20.25.0](https://pypi.org/project/directory-constants/20.25.0/) (2021-04-08)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/151/files)
- GP2-1709-add-dir-sectors new sector lists for magna use
[20.24.0](https://pypi.org/project/directory-constants/20.24.0/) (2021-03-22)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/150/files)
[20.23.0](https://pypi.org/project/directory-constants/20.23.0/) (2021-02-18)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/149/files)
Implemented Enhancements
- GP2-1181-business-risk-options

[20.22.0](https://pypi.org/project/directory-constants/20.22.0/) (2021-01-28)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/148/files)
Implemented Enhancements
- GP2-1382-getting-paid-payment-options

[20.21.1](https://pypi.org/project/directory-constants/20.21.1/) (2021-01-27)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/147/files)
Implemented Enhancements
- GP2-1382-getting-paid-options


[20.20.0](https://pypi.org/project/directory-constants/20.20.0/) (2021-01-21)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/145/files)
Implemented Enhancements
GP2-1359-add-funding=option-choices

[20.19.0](https://pypi.org/project/directory-constants/20.19.0/) (2021-01-14)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/144/files)
Implemented Enhancements
GP2-285-cost-pricing-choices

[20.18.0](https://pypi.org/project/directory-constants/20.18.0/) (2021-01-11)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/143/files)
Implemented Enhancements
GP2-849-target-choices

[20.17.0](https://pypi.org/project/directory-constants/20.17.0/) (2020-10-19)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/142/files)
Implemented Enhancements
GP2-699-swamp-route-to-market-constants

[20.16.0](https://pypi.org/project/directory-constants/20.16.0/) (2020-09-14)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/141/files)
Implemented Enhancements
- GP2-388 add list of countries with regions

[20.15.0](https://pypi.org/project/directory-constants/20.15.0/) (2020-09-03)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/140/files)
Implemented Enhancements
- GP2-519 add turn over choices

[20.14.1](https://pypi.org/project/directory-constants/20.14.1/) (2020-08-07)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/136/files)
Implemented Enhancements
- GP2-315-add exporting constants

[20.13.1](https://pypi.org/project/directory-constants/20.13.1/) (2020-08-05)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/134/files)
Implemented Enhancements
- Security fix upgrade django to support 3.1

[20.12.0](https://pypi.org/project/directory-constants/20.12.0/) (2020-03-24)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/133/files)
Implemented Enhancements
- Extend Django support to current latest release v3.0.5

[20.11.0](https://pypi.org/project/directory-constants/20.11.0/) (2020-01-29)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/132/files)
Implemented Enhancements
- XOT-1198 - Added COOKIE_PREFERENCE_SETTINGS url constant for updated cookie banner

[20.10.0](https://pypi.org/project/directory-constants/20.10.0/) (2019-11-28)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/131/files)
Implemented Enhancements
- Updated choices.COUNTRIES_AND_TERRITORIES
- Added build_country_choices to helpers

[20.9.0](https://pypi.org/project/directory-constants/20.9.0/) (2019-10-16)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/130/files)
Implemented Enhancements
- Added choices.COUNTRIES_AND_TERRITORIES

[20.8.0](https://pypi.org/project/directory-constants/20.8.0/) (2019-10-16)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/129/files)
Implemented Enhancements
- Added choices.SECTORS

[20.7.0](https://pypi.org/project/directory-constants/20.7.0/) (2019-10-03)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/127/files)
Implemented Enhancements
- Updated About us url from `about-dit` to `about-us`

[20.6.0](https://pypi.org/project/directory-constants/20.6.0/) (2019-10-01)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/126/files)
Implemented Enhancements
- Added expand slug and capital invest slug to ISD url

[20.5.0](https://pypi.org/project/directory-constants/20.5.0/) (2019-09-24)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/125/files)
Implemented Enhancements
- Added content into new how we help urls

[20.4.0](https://pypi.org/project/directory-constants/20.4.0/) (2019-09-24)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/124/files)
Implemented Enhancements
- Added how we help urls to international urls

[20.3.0](https://pypi.org/project/directory-constants/20.3.0/) (2019-09-17)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/123/files)
Implemented Enhancements
- GTRANSFORM-368 added accessibilty-statement to slugs

[20.2.0](https://pypi.org/project/directory-constants/20.2.0/) (2019-09-17)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/122/files)
Implemented Enhancements
- GTRANSFORM-368 - Add constant for accessibility statement footer link

[20.1.0]((https://pypi.org/project/directory-constants/20.1.0/) (2019-09-11))
[Full Changelog](https://github.com/uktrade/directory-constants/pull/121/files)
Implemented Enhancements
- Update to most recent country list from www.registers.service.gov.uk/registers/country

[20.0.0]((https://pypi.org/project/directory-constants/20.0.0/) (2019-09-05))
Fixed Bugs
- CI-405: International URL now reads from a new env-var instead of the old one.

Breaking Changes
- Applications will need to add a new `DIRECTORY_CONSTANTS_URL_INTERNATIONAL` settings parameter to set the root international URL
- The `DIRECTORY_CONSTANTS_URL_GREAT_INTERNATIONAL` is no longer used.

[19.1.0](https://pypi.org/project/directory-constants/19.1.0/) (2019-09-03)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/119/files)
Implemented Enhancements
- CI-405: Add module definitions to allow `urls.domestic` and `urls.international`

Fixed Bugs
- CI-405: Fix incorrect ISD url.


[19.0.0](https://pypi.org/project/directory-constants/19.0.0/) (2019-09-02)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/118/files)
- CI-405: Refactor Urls into a package containing domestic and international.
- CI-405: Add new international URLs for new site IA.

Breaking Changes
- domestic URLs have moved from `directory-constants.urls` to `directory-constants.urls.domestic`.
- international URLs have moved from `directory-constants.urls` to `directory-constants.urls.international`.
- Some of the URLs have also had their names updated.

[18.7.0](https://pypi.org/project/directory-constants/18.7.0/) (2019-08-07)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/117/files)
- TT-1722 - Add user roles

[18.6.0](https://pypi.org/project/directory-constants/18.6.0/) (2019-08-05)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/116/files)

Implemented enhancements
- CMS-1774 - Add Invest region landing page slug

[18.5.0](https://pypi.org/project/directory-constants/18.5.0/) (2019-08-05)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/115/files)

Implemented enhancements
- CMS-1596 - Add new tree-based routing slugs for Great campaigns, Invest homepage, high potential opportunities, contact forms, and form success pages

[18.4.0](https://pypi.org/project/directory-constants/18.4.0/) (2019-08-01)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/114/files)

Implemented enhancements
- CI-405 - Add URLs: (FAS) Contact us, (International) About DIT, (International) Contact us

[18.3.0](https://pypi.org/project/directory-constants/18.3.0/) (2019-07-09)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/112/files)

Implemented enhancements
- TT-998 - Break out company types into constants

[18.2.0](https://pypi.org/project/directory-constants/18.2.0/) (2019-07-08)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/111/files)

Implemented enhancements
- TT-998 - Added company types

[18.1.2](https://pypi.org/project/directory-constants/18.1.2/) (2019-07-03)

Implemented enhancements
- no ticket - Fix missing files

[18.1.1](https://pypi.org/project/directory-constants/18.1.1/) (2019-07-03)

Implemented enhancements
- TT-1575 - Added missing csv file to package
- no ticket - Move MANIFEST.in functionality to setup.py


[18.1.0](https://pypi.org/project/directory-constants/18.1.0/) (2019-07-02)

Implemented enhancements
- TT-1575 - Added SIC codes

[18.0.0](https://pypi.org/project/directory-constants/18.0.0/) (2019-06-21)

Implemented enhancements
- CMS-1666 - Update home page slugs for great domestic and international

Breaking changes
- `slugs.GREAT_HOME` has changed from `'home'` to `'great-domestic-home'`
- `slugs.GREAT_HOME_INTERNATIONAL` has changed from `'international'` to `'great-international-home'`

[17.1.1](https://pypi.org/project/directory-constants/17.1.1/) (2019-06-14)

Implemented enhancements
- CMS-1671 - Avoid unnecessary redirect from Invest uk-setup-guide/ to International /how-to-setup-in-the-uk/

[17.1.0](https://pypi.org/project/directory-constants/17.1.0/) (2019-06-12)

Implemented enhancements
- Updated test requirements and add support for Django 2 -> 2.2
[Full Changelog](https://github.com/uktrade/directory-constants/pull/104/files)

[17.0.0](https://pypi.org/project/directory-constants/17.0.0/) (2019-06-03)

Implemented enhancements
- Add Investment-support-directory url
[Full Changelog](https://github.com/uktrade/directory-constants/pull/102/files)

Breaking changes
- Added separate isd url please set DIRECTORY_CONSTANTS_URL_INVESTMENT_SUPPORT_DIRECTORY in all dev environments

[16.8.0](https://pypi.org/project/directory-constants/16.8.0/) (2019-06-03)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/103/files)

Implemented enhancements
- Added contact form office finder url

[16.7.2](https://pypi.org/project/directory-constants/16.7.2/) (2019-05-24)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/100/files)

Implemented enhancements
- Change order of expertise work around for 403 AWS WAF - Revert

[16.7.1](https://pypi.org/project/directory-constants/16.7.1/) (2019-05-21)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/99/files)

Implemented enhancements
- Change order of expertise work around for 403 AWS WAF


[16.7.0](https://pypi.org/project/directory-constants/16.7.0/) (2019-05-21)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/98/files)

Implemented enhancements
- Updated to new events url


[16.6.0](https://pypi.org/project/directory-constants/16.6.0/) (2019-05-15)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/97/files)

Implemented enhancements
- Added `how-to-setup-in-the-uk/uk-tax-and-incentives//` to great international urls

[16.5.0](https://pypi.org/project/directory-constants/16.5.0/) (2019-05-15)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/96/files)

Implemented enhancements
- Added `how-to-setup-in-the-uk/uk-visas-and-migration/` to great international urls


[16.4.0](https://pypi.org/project/directory-constants/16.4.0/) (2019-05-08)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/95/files)

Implemented enhancements
- Changes to expertise.py


[16.3.0](https://pypi.org/project/directory-constants/16.3.0/) (2019-05-02)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/94/files)

Implemented enhancements
- Added `expertise` to choices

Fixed bugs:
- Removed errant space from Greek language in `EXPERTISE_LANGUAGES`

[16.2.0](https://pypi.org/project/directory-constants/16.2.0/) (2019-04-26)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/93/files)

Implemented enhancements
- Added `contact` to Invest urls

[16.1.0](https://pypi.org/project/directory-constants/16.1.0/) (2019-04-25)
[Full Changelog](https://github.com/uktrade/directory-constants/pull/92/files)

Implemented enhancements
- Added `investment-support-directory` and `investment-support-directory/search` to FAS urls

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH

CVSS v2 Details

HIGH 7.5
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
PARTIAL
Integrity Impact (I)
PARTIAL
Availability Impact (A)
PARTIAL