Lucene search
+L

10 matches found

prion
prion
added 2023/12/12 5:15 p.m.19 views

Directory traversal

The package-decompression feature in HL7 Health Level 7 FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...

5CVSS7AI score0.013EPSS
Exploits1References3Affected Software1
veracode
veracode
added 2023/03/19 7:29 a.m.24 views

Path Traversal

org.hl7.fhir.r4b is vulnerable to Path Traversal. The vulnerability exists in the unzip function of TerminologyCacheManager.java, which allows an attacker to access files outside the expected directory bypassing the zip slip protection implemented in the CVE-2023-24057...

8.1CVSS7AI score0.013EPSS
Exploits1References5Affected Software3
github
github
added 2023/03/10 10:15 p.m.128 views

HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057

Impact Zip Slip protections implemented in CVE-2023-24057 GHSA-jqh6-9574-5x22 can be bypassed due a partial path traversal vulnerability. This issue allows a malicious actor to potentially break out of the TerminologyCacheManager cache directory. The impact is limited to sibling directories. To...

8.1CVSS0.5AI score0.013EPSS
Exploits1References8Affected Software6
vulnrichment
vulnrichment
added 2023/01/24 12:0 a.m.8 views

CVE-2023-24057

HL7 Health Level 7 FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive for a prepackaged terminology cache, NPM package, or comparison archive...

7.2AI score0.01166EPSS
Exploits1References1
cve
cve
added 2023/01/24 12:0 a.m.128 views

CVE-2023-24057

HL7 FHIR Core Libraries are affected by a directory-traversal issue in package-decompression. Affected: versions prior to 5.6.106 (per PT-2023-21736); earlier notes reference 5.6.92. Root cause: extraction of archives (ZIP/TGZ) can write files to arbitrary directories. Mitigation: upgrade to 5.6....

8.1CVSS7.5AI score0.01166EPSS
Exploits1References1Affected Software2
vulnersosv
vulnersosv
added 2023/01/23 10:5 p.m.7 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=6.4.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=6.4.0) +164 more potentially affected by CVE-2023-24057 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=5.6.91)

ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =5.3.0, =4.0.0, =4.1.0, =6.4.0 and more Source cves: CVE-2023-24057 Source advisory: OSV:GHSA-JQH6-9574-5X22...

8.1CVSS7.1AI score0.01166EPSS
Exploits1
vulnersosv
vulnersosv
added 2023/01/23 10:5 p.m.4 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=6.4.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=6.4.0) +139 more potentially affected by CVE-2023-24057 via ca.uhn.hapi.fhir:org.hl7.fhir.convertors (>=0.0.1 <=5.6.91)

ca.uhn.hapi.fhir:org.hl7.fhir.convertors MAVEN version =0.0.1, =4.0.0, =5.6.5, =4.1.0, =4.0.0, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =5.3.0, =4.0.0, =4.0.0, =6.4.0 and more Source cves: CVE-2023-24057 Source advisory: OSV:GHSA-JQH6-9574-5X22...

8.1CVSS7.1AI score0.01166EPSS
Exploits1
vulnersosv
vulnersosv
added 2023/01/23 10:5 p.m.5 views

au.csiro.pathling:encoders (>=5.1.0 <=6.1.4), au.csiro.pathling:fhir-server (>=5.3.1 <=6.1.4) +224 more potentially affected by CVE-2023-24057 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=5.6.91)

ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.2.1 and more Source cves: CVE-2023-24057 Source advisory: OSV:GHSA-JQH6-9574-5X22...

8.1CVSS7.1AI score0.01166EPSS
Exploits1
vulnersosv
vulnersosv
added 2023/01/23 10:5 p.m.4 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=6.4.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=6.4.0) +133 more potentially affected by CVE-2023-24057 via ca.uhn.hapi.fhir:org.hl7.fhir.validation (>=1.0.0 <=5.6.91)

ca.uhn.hapi.fhir:org.hl7.fhir.validation MAVEN version =1.0.0, =4.0.0, =5.6.5, =4.1.0, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =5.3.0, =4.0.0, =4.0.0, =4.0.0, =5.4.0 and more Source cves: CVE-2023-24057 Source advisory: OSV:GHSA-JQH6-9574-5X22...

8.1CVSS7.1AI score0.01166EPSS
Exploits1
vulnersosv
vulnersosv
added 2023/01/23 10:5 p.m.4 views

io.connectedhealth-idaas:idaas-eventbuilder (=2.3.0) potentially affected by CVE-2023-24057 via ca.uhn.hapi.fhir:org.hl7.fhir.core (=5.1.7)

ca.uhn.hapi.fhir:org.hl7.fhir.core MAVEN version =5.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on ca.uhn.hapi.fhir:org.hl7.fhir.core and may be impacted: - io.connectedhealth-idaas:idaas-eventbuilder =2.3.0 Source cves: CVE-2023-24057 Source...

8.1CVSS7.1AI score0.01166EPSS
Exploits1
Rows per page
Query Builder