{"id":"GHSA-w7qg-j435-78qw","summary":"Use of hard-coded, security-relevant constants in deepset-ai/haystack","details":"Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1.","aliases":["CVE-2023-1712"],"modified":"2023-11-08T04:11:18.891672Z","published":"2023-03-30T12:30:15Z","database_specific":{"nvd_published_at":"2023-03-30T10:15:00Z","github_reviewed":true,"github_reviewed_at":"2023-03-30T22:55:51Z","severity":"CRITICAL","cwe_ids":["CWE-547"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1712"},{"type":"WEB","url":"https://github.com/deepset-ai/haystack/pull/4535"},{"type":"WEB","url":"https://github.com/deepset-ai/haystack/commit/5fc84904f198de661d5b933fde756aa922bf09f1"},{"type":"PACKAGE","url":"https://github.com/deepset-ai/haystack"},{"type":"WEB","url":"https://huntr.dev/bounties/9a6b1fb4-ec9b-4cfa-af1e-9ce304924829"}],"affected":[{"package":{"name":"farm-haystack","ecosystem":"PyPI","purl":"pkg:pypi/farm-haystack"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"1.15.0"}]}],"versions":["0.1.0.post2","0.10.0","0.2.0.post1","0.2.1","0.3.0","0.4.0","0.5.0","0.6.0","0.7.0","0.8.0","0.9.0","1.0.0","1.1.0","1.10.0","1.10.0rc1","1.11.0","1.11.0rc0","1.11.1","1.11.1rc1","1.12.0","1.12.0rc1","1.12.0rc2","1.12.1","1.12.2","1.12.2rc1","1.13.0","1.13.0rc1","1.13.0rc2","1.13.1","1.13.1rc1","1.13.2","1.13.2rc0","1.14.0","1.14.0rc1","1.14.0rc2","1.15.0","1.15.0rc1","1.15.0rc2","1.15.0rc3","1.15.0rc4","1.15.0rc5","1.2.0","1.3.0","1.4.0","1.5.0","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.9.0rc1","1.9.0rc2","1.9.0rc3","1.9.1","1.9.1rc1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-w7qg-j435-78qw/GHSA-w7qg-j435-78qw.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}