CVE-2023-1712: Use of Hard-coded, Security-relevant Constants

March 30, 2023 (updated April 5, 2023)

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.

References

github.com/advisories/GHSA-w7qg-j435-78qw
github.com/deepset-ai/haystack/commit/5fc84904f198de661d5b933fde756aa922bf09f1
github.com/deepset-ai/haystack/pull/4535
huntr.dev/bounties/9a6b1fb4-ec9b-4cfa-af1e-9ce304924829
nvd.nist.gov/vuln/detail/CVE-2023-1712

Code Behaviors & Features

Detect and mitigate CVE-2023-1712 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →