Use of Hard-coded, Security-relevant Constants

CVE-2023-1712

Severity High
Score 9.8/10

Summary

Use of Hard-coded, Security-relevant Constants in the package farm-haystack prior to 1.16.0-rc1.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-547 - Use of Hard-coded, Security-relevant Constants

The program uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.

Advisory Timeline

  • Published