212 matches found
ai.grakn:grakn-dist (>=0.7.0 <=0.16.0), ai.grakn:grakn-test (=0.10.0) +2379 more potentially affected by CVE-2024-43709 via org.elasticsearch:elasticsearch (>=0.6.0 <=7.17.20)
org.elasticsearch:elasticsearch MAVEN version =0.6.0, =0.7.0, =0.6.1, =0.11.0, =j11.2.6.0, =0.3.0, =1.0.1, =5.1.0, =5.6.5, =5.1.0, =5.3.0, =5.1.0, =5.1.0, =5.1.0, =6.10.5 and more Source cves: CVE-2024-43709 Source advisory: OSV:GHSA-JGX4-7V3V-VWFM...
at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.3.2), ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.7.7 <=6.8.0) +118 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-core (>=5.0.0.Alpha1 <=5.0.5.Final)
org.jboss.resteasy:resteasy-core MAVEN version =5.0.0.Alpha1, =9.1.1, =5.7.7, =2.0.0-alpha2, =2.0.0-alpha2, =2.0.0-alpha2, =1.14.0, =2.35.0, =2.35.0, =0.15.3, =0.15.3, =0.15.3, =0.15.3, =0.31.0-beta2 and more Source cves: CVE-2023-0482 Source advisory:...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=7.6.1), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +275 more potentially affected by CVE-2024-55887 via org.fhir:ucum (>=1.0.1 <=1.0.8)
org.fhir:ucum MAVEN version =1.0.1, =4.0.0, =5.6.5, =4.1.0, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-55887 Source advisory: OSV:GHSA-W9J7-PHM3-F97J...
XML External Entity (XXE) Injection
HAPI FHIR is vulnerable to XML External Entity XXE Injection. The vulnerability is due to insecure XML parsing by HAPI FHIR, specifically within the XSLT parsing components, which improperly handle external entity references in XML files. It allows attackers to inject malicious XML content, such ...
org.hl7.fhir.convertors: org.hl7.fhir.dstu2: org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.validation: org.hl7.fhir.core: FHIR arbitrary code execution via specially-crafted request
A flaw was found in Fast Healthcare Interoperability Resources HAPI FHIR. This vulnerability could allow attackers to execute arbitrary code or access sensitive information via a crafted request which contains malicious XML entities...
XML External Entity (XXE)
hapi fhir is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of XML input. Specifically, the system fails to properly disable or validate external entities within XML documents, allowing attackers to inject malicious XML that can lead to unauthorized data acce...
CVE-2024-52007
A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...
CVE-2024-52007
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...
CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...
CVE-2024-52007
CVE-2024-52007 is an XXE vulnerability in XSLT parsing within the HAPI FHIR org.hl7.fhir.core components. The issue arises from XML external entity injections when processing XML with a malicious DTD, potentially allowing host data to be exposed. The Red Hat advisory notes this is fixed by upgrad...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +234 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.7.7 <=7.4.5) +181 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=5.6.22 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =5.6.22, =3.4.0, =5.7.7, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =6.2.0, =6.8.0, =6.4.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.7, =6.8.0 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-base-test-mindeps-client (>=5.6.5 <=7.4.5) +249 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 MAVEN version =0.0.1, =5.6.5, =5.6.5, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =5.2.1 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.3 <=7.4.5) +224 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =0.0.1, =5.6.5, =4.0.3, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.3, =4.0.0, =5.0.0, =4.0.3, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =7.4.5 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +287 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =7.4.5 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
PT-2024-35091 · Hapi Fhir · Hapi Fhir
Name of the Vulnerable Software and Affected Versions: HAPI FHIR versions prior to 6.4.0 Description: The XSLT parsing performed by various components in HAPI FHIR is vulnerable to XML external entity injections. This issue can be exploited by submitting a malicious XML file with a DTD tag,...
CVE-2024-51132
A flaw was found in Fast Healthcare Interoperability Resources HAPI FHIR. This vulnerability could allow attackers to execute arbitrary code or access sensitive information via a crafted request which contains malicious XML entities. Mitigation Red Hat has investigated whether a possible mitigati...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.7.7 <=7.4.5) +181 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=5.6.22 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =5.6.22, =3.4.0, =5.7.7, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =6.2.0, =6.8.0, =6.4.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.7, =6.8.0 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.3 <=7.4.5) +224 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =0.0.1, =5.6.5, =4.0.3, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.3, =4.0.0, =5.0.0, =4.0.3, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =7.4.5 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +234 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...