GHSA-w7qg-j435-78qw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w7qg-j435-78qw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-w7qg-j435-78qw/GHSA-w7qg-j435-78qw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w7qg-j435-78qw
- Aliases
- Published
- 2023-03-30T12:30:15Z
- Modified
- 2023-11-08T04:11:18.891672Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Use of hard-coded, security-relevant constants in deepset-ai/haystack
- Details
-
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1.
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-547" ], "nvd_published_at": "2023-03-30T10:15:00Z", "severity": "CRITICAL", "github_reviewed_at": "2023-03-30T22:55:51Z" }- References
Affected packages
PyPI / farm-haystack
Package
- Name
- farm-haystack
- View open source insights on deps.dev
- Purl
- pkg:pypi/farm-haystack
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected1.15.0
Affected versions
0.*
0.1.0.post2
0.2.0.post1
0.2.1
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
0.10.0
1.*
1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.8.0
1.9.0rc1
1.9.0rc2
1.9.0rc3
1.9.0
1.9.1rc1
1.9.1
1.10.0rc1
1.10.0
1.11.0rc0
1.11.0
1.11.1rc1
1.11.1
1.12.0rc1
1.12.0rc2
1.12.0
1.12.1
1.12.2rc1
1.12.2
1.13.0rc1
1.13.0rc2
1.13.0
1.13.1rc1
1.13.1
1.13.2rc0
1.13.2
1.14.0rc1
1.14.0rc2
1.14.0
1.15.0rc1
1.15.0rc2
1.15.0rc3
1.15.0rc4
1.15.0rc5
1.15.0