Lucene search
K

212 matches found

vulnersOsv
vulnersOsv
added 2025/01/21 12:30 p.m.6 views

ai.grakn:grakn-dist (>=0.7.0 <=0.16.0), ai.grakn:grakn-test (=0.10.0) +2379 more potentially affected by CVE-2024-43709 via org.elasticsearch:elasticsearch (>=0.6.0 <=7.17.20)

org.elasticsearch:elasticsearch MAVEN version =0.6.0, =0.7.0, =0.6.1, =0.11.0, =j11.2.6.0, =0.3.0, =1.0.1, =5.1.0, =5.6.5, =5.1.0, =5.3.0, =5.1.0, =5.1.0, =5.1.0, =6.10.5 and more Source cves: CVE-2024-43709 Source advisory: OSV:GHSA-JGX4-7V3V-VWFM...

7.5CVSS6.8AI score0.00597EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/01/15 6:56 p.m.10 views

at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.3.2), ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.7.7 <=6.8.0) +118 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-core (>=5.0.0.Alpha1 <=5.0.5.Final)

org.jboss.resteasy:resteasy-core MAVEN version =5.0.0.Alpha1, =9.1.1, =5.7.7, =2.0.0-alpha2, =2.0.0-alpha2, =2.0.0-alpha2, =1.14.0, =2.35.0, =2.35.0, =0.15.3, =0.15.3, =0.15.3, =0.15.3, =0.31.0-beta2 and more Source cves: CVE-2023-0482 Source advisory:...

5.5CVSS6.7AI score0.00819EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/12/13 8:35 p.m.6 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=7.6.1), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +275 more potentially affected by CVE-2024-55887 via org.fhir:ucum (>=1.0.1 <=1.0.8)

org.fhir:ucum MAVEN version =1.0.1, =4.0.0, =5.6.5, =4.1.0, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-55887 Source advisory: OSV:GHSA-W9J7-PHM3-F97J...

8.6CVSS7.2AI score0.00539EPSS
Exploits0
Veracode
Veracode
added 2024/11/28 10:6 a.m.10 views

XML External Entity (XXE) Injection

HAPI FHIR is vulnerable to XML External Entity XXE Injection. The vulnerability is due to insecure XML parsing by HAPI FHIR, specifically within the XSLT parsing components, which improperly handle external entity references in XML files. It allows attackers to inject malicious XML content, such ...

8.6CVSS6.5AI score0.00918EPSS
Exploits0References6Affected Software6
RedHat Linux
RedHat Linux
added 2024/11/19 9:20 p.m.4 views

org.hl7.fhir.convertors: org.hl7.fhir.dstu2: org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.validation: org.hl7.fhir.core: FHIR arbitrary code execution via specially-crafted request

A flaw was found in Fast Healthcare Interoperability Resources HAPI FHIR. This vulnerability could allow attackers to execute arbitrary code or access sensitive information via a crafted request which contains malicious XML entities...

9.8CVSS6AI score0.01851EPSS
Exploits1References8
Veracode
Veracode
added 2024/11/18 5:7 a.m.14 views

XML External Entity (XXE)

hapi fhir is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of XML input. Specifically, the system fails to properly disable or validate external entities within XML documents, allowing attackers to inject malicious XML that can lead to unauthorized data acce...

9.8CVSS6.7AI score0.01851EPSS
Exploits1References4Affected Software9
RedhatCVE
RedhatCVE
added 2024/11/11 8:33 a.m.13 views

CVE-2024-52007

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

8.6CVSS8.2AI score0.00918EPSS
Exploits0References9
NVD
NVD
added 2024/11/08 11:15 p.m.17 views

CVE-2024-52007

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

8.6CVSS0.00918EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/11/08 10:28 p.m.21 views

CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

8.6CVSS0.00918EPSS
Exploits0References6
CVE
CVE
added 2024/11/08 10:28 p.m.69 views

CVE-2024-52007

CVE-2024-52007 is an XXE vulnerability in XSLT parsing within the HAPI FHIR org.hl7.fhir.core components. The issue arises from XML external entity injections when processing XML with a malicious DTD, potentially allowing host data to be exposed. The Red Hat advisory notes this is fixed by upgrad...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2024/11/08 6:49 p.m.17 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +234 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=6.3.9)

ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...

8.6CVSS7.2AI score0.00918EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/11/08 6:49 p.m.4 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.7.7 <=7.4.5) +181 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=5.6.22 <=6.3.9)

ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =5.6.22, =3.4.0, =5.7.7, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =6.2.0, =6.8.0, =6.4.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.7, =6.8.0 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...

8.6CVSS7.5AI score0.00918EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/11/08 6:49 p.m.7 views

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-base-test-mindeps-client (>=5.6.5 <=7.4.5) +249 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (>=0.0.1 <=6.3.9)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 MAVEN version =0.0.1, =5.6.5, =5.6.5, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =5.2.1 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...

8.6CVSS7.2AI score0.00918EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/11/08 6:49 p.m.6 views

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.3 <=7.4.5) +224 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=0.0.1 <=6.3.9)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =0.0.1, =5.6.5, =4.0.3, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.3, =4.0.0, =5.0.0, =4.0.3, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =7.4.5 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...

8.6CVSS7.2AI score0.00918EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/11/08 6:49 p.m.7 views

au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +287 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.3.9)

ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =7.4.5 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...

8.6CVSS7.2AI score0.00918EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/08 12:0 a.m.5 views

PT-2024-35091 · Hapi Fhir · Hapi Fhir

Name of the Vulnerable Software and Affected Versions: HAPI FHIR versions prior to 6.4.0 Description: The XSLT parsing performed by various components in HAPI FHIR is vulnerable to XML external entity injections. This issue can be exploited by submitting a malicious XML file with a DTD tag,...

8.6CVSS7.1AI score0.00918EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2024/11/06 12:32 p.m.14 views

CVE-2024-51132

A flaw was found in Fast Healthcare Interoperability Resources HAPI FHIR. This vulnerability could allow attackers to execute arbitrary code or access sensitive information via a crafted request which contains malicious XML entities. Mitigation Red Hat has investigated whether a possible mitigati...

9.1CVSS9.3AI score0.01851EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2024/11/05 6:32 p.m.4 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.7.7 <=7.4.5) +181 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=5.6.22 <=6.3.9)

ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =5.6.22, =3.4.0, =5.7.7, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =6.2.0, =6.8.0, =6.4.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.7, =6.8.0 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...

9.8CVSS7.7AI score0.01851EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/11/05 6:32 p.m.7 views

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.3 <=7.4.5) +224 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=0.0.1 <=6.3.9)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =0.0.1, =5.6.5, =4.0.3, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.3, =4.0.0, =5.0.0, =4.0.3, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =7.4.5 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...

9.8CVSS7.2AI score0.01851EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/11/05 6:32 p.m.6 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +234 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=6.3.9)

ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...

9.8CVSS7.2AI score0.01851EPSS
Exploits1
Rows per page
Query Builder