Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.
CVE-2023-1712
Score 9.8 from GitHub Security Advisory (severity: CRITICAL) published 2023-03-30. NVD baseline CVSS 9.8; sources differ by 0.0.
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 9.8
- EG Score
- 9.8(medium)
- EPSS
- 53.6%
- KEV
- Not listed
Published
March 30, 2023
Last Modified
November 21, 2024
Advisory Details (2)
Auto-updated May 25, 2026huntr - The world’s first bug bounty platform for AI/ML
https://huntr.dev/bounties/9a6b1fb4-ec9b-4cfa-af1e-9ce304924829commit 5fc84904f198 (deepset-ai/haystack)
Patch available: deepset-ai/haystack v2.20.0 (contains commit 5fc84904f198)
https://github.com/deepset-ai/haystack/commit/5fc84904f198de661d5b933fde756aa922bf09f1Patch Availability(1)
| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| pip | farm-haystack | — | ghsa |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
Affected Packages
(1 across 1 ecosystem)
PyPI(1)
| Package | Vulnerable range | Fixed in | Dependents |
|---|---|---|---|
| farm-haystack | 0.1.0.post2 ... 1.9.1rc1 (55 versions) | — | — |
Weakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Frequently asked(5)
What is CVE-2023-1712?
When was CVE-2023-1712 disclosed?
Is CVE-2023-1712 actively exploited?
What is the CVSS score of CVE-2023-1712?
How do I remediate CVE-2023-1712?
Dependency Blast Radius
See which npm, PyPI, Go, and Maven packages are affected by CVE-2023-1712
Is Your Infrastructure Affected by CVE-2023-1712?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.