farm-haystack@1.12.0 vulnerabilities

LLM framework to build customizable, production-ready LLM applications. Connect components (models, vector DBs, file converters) to pipelines or agents that can interact with your data.

  • latest version

    1.26.4.post0

  • latest non vulnerable version

  • first published

    5 years ago

  • latest version published

    5 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the farm-haystack package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable version

    • Severity: High
      EJB Bad Practices: Use of Synchronization Primitives

      farm-haystack is a framework for neural question answering and semantic search at scale. It uses modern transformer-based models such as BERT to find answers in large document collections.

      Affected versions of this package are vulnerable to EJB Bad Practices: Use of Synchronization Primitives via the hard-coded value of config.jwt.secret. Because the signing secret is known, it is possible to forge new JWT tokens that carry the super_admin role, allowing a low-privilege user to perform previously restricted actions.

      How to fix EJB Bad Practices: Use of Synchronization Primitives?

      Upgrade farm-haystack to version 1.16.0 or higher.

      Vulnerable version range: [0,1.16.0)