CVE-2024-46984

🗓️ 19 Sep 2024 23:15:12Reported by [email protected]Type

The reference validator tool for FHIR resources is vulnerable to XML External Entities attack due to insecure defaults in the Woodstox WstxInputFactory. Update to version 2.5.1 or later to mitigate

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-46984	20 Sep 202402:11	–	circl
CNNVD	Gematik Referenzvalidator 代码问题漏洞	19 Sep 202400:00	–	cnnvd
CVE	CVE-2024-46984	19 Sep 202422:38	–	cve
Cvelist	CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator	19 Sep 202422:38	–	cvelist
EUVD	EUVD-2024-2731	3 Oct 202520:07	–	euvd
Github Security Blog	Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack	19 Sep 202414:49	–	github
OSV	CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator	19 Sep 202422:38	–	osv
OSV	GHSA-68J8-FP38-P48Q Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack	19 Sep 202414:49	–	osv
Positive Technologies	PT-2024-32318 · Unknown · Referencevalidator +1	19 Sep 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-46984	5 Feb 202501:10	–	redhatcve

NVD

Node

gematik reference_validatorRange<2.5.1

Source	Link
github	www.github.com/gematik/app-referencevalidator/security/advisories/GHSA-68j8-fp38-p48q
owasp	www.owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)
github	www.github.com/gematik/app-referencevalidator/releases/tag/2.5.1
owasp	www.owasp.org/www-community/attacks/Server_Side_Request_Forgery
cheatsheetseries	www.cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
owasp	www.owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)

17 Jun 2026 07:56Current

CVSS 3.18.6 - 9.8

EPSS0.00628

CWE-611