16 matches found
ROOT-APP-MAVEN-CVE-2026-34359 CVE-2026-34359 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities - Patched by Root
Root has patched CVE-2026-34359 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-55471 CVE-2026-55471 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities - Patched by Root
Root has patched CVE-2026-55471 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities package for Root:Maven. Multiple fixed versions available...
au.csiro.pathling:encoders (>=6.2.2 <=9.6.0), au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0) +246 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.0.0 <=6.9.6)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.0.0, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757891...
ca.uhn.hapi.fhir:org.hl7.fhir.convertors (>=6.8.0 <=6.9.3), ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (>=6.8.0 <=6.9.3) +12 more potentially affected by CVE-2026-34359 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.8.0 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =4.0.19, =4.14.6, =2.1.0, =2.1.0, =2.1.0, =2.2.3 Source cves: CVE-2026-34359, CVE-2026-34361 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855298...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials through and exposed /loadIG endpoint in ca.uhn.hapi.fhir:org.hl7.fhir.validation. An attacker can obtain authentication credentials for external FHIR servers by submitting a crafted URL that exploits...
au.csiro.pathling:encoders (>=6.2.2 <=9.5.0), au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0) +244 more potentially affected by CVE-2026-34360 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.0.0 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.0.0, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.8.1 and more Source cves: CVE-2026-34360 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855324...
au.csiro.pathling:encoders (>=8.0.0 <=9.5.0), au.csiro.pathling:fhirpath (>=8.0.0 <=9.5.0) +164 more potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.4.1 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.4.1, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.8.1 and more Source cves: CVE-2026-34359 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855257...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error in the ManagedWebAccessUtils.getServer function. An attacker can obtain authentication credentials by leveraging improper URL prefix matching during HTTP redirects, causing sensitive headers such as Bearer tokens...
au.csiro.pathling:encoders (>=5.1.0 <=9.5.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.2.0) +352 more potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =8.8.1 and more Source cves: CVE-2026-34359 Source advisory: OSV:GHSA-FGV2-4Q4G-WC35...
au.csiro.pathling:encoders (>=6.2.2 <=9.5.0), au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0) +244 more potentially affected by CVE-2026-33180 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.0.0 <=6.8.2)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.0.0, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.8.1 and more Source cves: CVE-2026-33180 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15690826...
au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +315 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =7.4.5 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +315 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =7.4.5 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
ca.uhn.hapi.fhir:hapi-fhir-docs (>=7.6.0 <=7.6.1), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-elastic-test-utilities (>=7.6.0 <=7.6.1) +77 more potentially affected by CVE-2023-49093 via org.htmlunit:htmlunit (>=3.0.0 <=3.8.0)
org.htmlunit:htmlunit MAVEN version =3.0.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =1.1.17, =1.1.17, =1.1.17, =1.0.69, =1.0.71, =1.6.0, =1.6.2 - com.nordstrom.ui-tools:selenium-foundation =28.0.1-s4 - com.outr:robobrowser2.13 =1.6.0 and more Source cves: CVE-2023-49093 Source advisory:...
bio.ferlab:fhavro (>=0.0.9 <=0.0.10), ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (=5.6.5) +173 more potentially affected by CVE-2023-24057 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=5.6.105)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =0.0.9, =4.0.0, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.6.0, =5.0.0, =4.0.0, =5.3.0, =5.6.5 and more Source cves: CVE-2023-24057, CVE-2023-28465 Source advisory: OSV:GHSA-9654-PR4F-GH6M...
au.csiro.pathling:encoders (>=5.1.0 <=6.1.4), au.csiro.pathling:fhir-server (>=5.3.1 <=6.1.4) +224 more potentially affected by CVE-2023-24057 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=5.6.91)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.2.1 and more Source cves: CVE-2023-24057 Source advisory: OSV:GHSA-JQH6-9574-5X22...
XML External Entity (XXE)
hapi-fhir-utilities is vulnerable to XML external entities XXE. An attacker is able to provide malicious XML input containing a reference to an external entity and retrieve system files. The vulnerability exists as the library does not disable external DTDs and doctype declarations by default...