PyPi: Juntagrico

CVE-2022-36359

Transitive

Safety vulnerability ID: 51983

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 03, 2022 Updated at Dec 04, 2024

Advisory

Juntagrico 1.5.5 updates its dependency 'django' requirement to "~=4.0.8" to include security fixes.

Affected package

juntagrico

Latest version: 1.6.7

juntagrico is a management platform for community gardens and vegetable cooperatives.

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* 536 Add config for membership cancellation notice period by nixnuex in https://github.com/juntagrico/juntagrico/pull/537
* Job status imgs by weilen-mc in https://github.com/juntagrico/juntagrico/pull/552
* added batch mailer by weilen-mc in https://github.com/juntagrico/juntagrico/pull/551
* Language: rephrase extra-sub cancellation rule by nixnuex in https://github.com/juntagrico/juntagrico/pull/565
* Fix subscription type admin search by nixnuex in https://github.com/juntagrico/juntagrico/pull/566
* fix read-only one time job admin by pascalfree in https://github.com/juntagrico/juntagrico/pull/519
* Fix old subs by pascalfree in https://github.com/juntagrico/juntagrico/pull/560
* Fix required assignments by pascalfree in https://github.com/juntagrico/juntagrico/pull/562
* Label shares better by pascalfree in https://github.com/juntagrico/juntagrico/pull/567
* fix autocomplete job type field and job type filter visibility by pascalfree in https://github.com/juntagrico/juntagrico/pull/568
* unpin requirements that do bugfixes and security releases properly by pascalfree in https://github.com/juntagrico/juntagrico/pull/570
* 525 cancel also unpaid shares on membership cancellation by pascalfree in https://github.com/juntagrico/juntagrico/pull/571
* fix phone number display in depot change email by pascalfree in https://github.com/juntagrico/juntagrico/pull/569
* 458 fix mass job copy for past jobs if not can_edit_past_jobs by pascalfree in https://github.com/juntagrico/juntagrico/pull/459
* allow adding and editing subscriptions with members that left a… by pascalfree in https://github.com/juntagrico/juntagrico/pull/545

New Contributors
* weilen-mc made their first contribution in https://github.com/juntagrico/juntagrico/pull/552

**Full Changelog**: https://github.com/juntagrico/juntagrico/compare/1.5.4...1.5.5


Severity Details

CVSS Base Score

HIGH 8.8

CVSS v3 Details

HIGH 8.8
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH