Use of Hard-coded, Security-relevant Constants

CVE-2023-1712

High

9.8/10

Summary

Use of Hard-coded, Security-relevant Constants in the package farm-haystack prior to 1.16.0-rc1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-547 - Use of Hard-coded, Security-relevant Constants

The program uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.

References

Advisory
Disclosure
Pull request

Advisory Timeline

Published Mar 30, 2023

Use of Hard-coded, Security-relevant Constants

CVE-2023-1712

Summary

CWE-547 - Use of Hard-coded, Security-relevant Constants

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS