CVE-2023-1712
CVE-2023-1712
9.8
CriticalPublished:
Last updated:
Source:security@huntr.dev
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.
References
security@huntr.dev
https://github.com/deepset-ai/haystack/commit/5fc84904f198de661d5b933fde756aa922bf09f1security@huntr.dev
https://huntr.dev/bounties/9a6b1fb4-ec9b-4cfa-af1e-9ce304924829af854a3a-2127-422b-91ae-364da2661108
https://github.com/deepset-ai/haystack/commit/5fc84904f198de661d5b933fde756aa922bf09f1af854a3a-2127-422b-91ae-364da2661108
https://huntr.dev/bounties/9a6b1fb4-ec9b-4cfa-af1e-9ce304924829