CVE-2023-1712: fix: update envs for the backend image of annotation tool (#4535) · deepset-ai/haystack@5fc8490

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.


@@ -19,14 +19,17 @@ The credentials should match in database image and application configuration. DEFAULT_ADMIN_EMAIL: “[email protected]” DEFAULT_ADMIN_PASSWORD: “DEMO-PASSWORD”
PROD_DB_NAME: “databasename” PROD_DB_USERNAME: “somesafeuser” PROD_DB_PASSWORD: “somesafepassword”
DB_HOSTNAME: “db” DB_NAME: “databasename” DB_USERNAME: “somesafeuser” DB_PASSWORD: “somesafepassword”
POSTGRES_USER: “somesafeuser” POSTGRES_PASSWORD: “somesafepassword” POSTGRES_DB: “databasename”
COOKIE_KEYS: “somesafecookiekeys” JWT_SECRET: “somesafesecret”

  1. Run docker-compose by executing `docker-compose up`.
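Review bot: The environment block in this hunk still documents secrets as fixed sample strings: DEFAULT_ADMIN_PASSWORD is "DEMO-PASSWORD", and JWT_SECRET, COOKIE_KEYS and the database passwords read "somesafesecret", "somesafecookiekeys" and "somesafepassword". Anyone who copies the block verbatim before the `docker-compose up` step ends up with the same signing key and credentials as every other deployment. Mark each of these values as a placeholder that must be replaced with a randomly generated, per-deployment value, and say so in the sentence above the block, next to "The credentials should match in database image and application configuration". It would also help to state which keys have to carry the same value (PROD_DB_PASSWORD, DB_PASSWORD and POSTGRES_PASSWORD; likewise the username and database-name keys), since the block repeats each credential three times and a partial edit leaves the application and the database image out of sync.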

Related news

GHSA-w7qg-j435-78qw: Use of hard-coded, security-relevant constants in deepset-ai/haystack

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1.
