CVE-2023-1712 CRITICAL

CVE-2023-1712: Use of Hard-coded, Security-relevant Constants in deepset-ai/haystack

Vendor Deepset-Ai

Product deepset-ai/haystack

Weakness CWE-547

Published March 30, 2023

Last update February 11, 2025

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.

Key dates

March 30, 2023 CVE published

February 11, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2023-1712

CWE CWE-547

CVSS 9.1 / CRITICAL

Vendor Deepset-Ai

Product deepset-ai/haystack

Affected ≥ unspecified and < 0.1.30