5 matches found
CVE-2024-52807
creationtimestamp| type| source ---|---|--- 2025-01-24 19:48:48+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/113885058909709347 2025-01-24 20:04:51+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/3008 2025-01-24 21:06:18+00:00| seen|...
CVE-2024-52807
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from...
CVE-2024-52807
The CVE-2024-52807 entry affects the org.hl7.fhir.publisher package used to generate HL7 FHIR IGs. The root cause is XML External Entity (XXE) injections in XSLT transforms performed by multiple components prior to version 1.7.4, which could allow a malicious DTD tag in submitted XML to cause dat...
CVE-2024-52807 XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from...
org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (>=1.1.0 <=1.2.36) potentially affected by CVE-2024-52807 via org.hl7.fhir.publisher:org.hl7.fhir.publisher.core (>=1.1.0 <=1.2.9)
org.hl7.fhir.publisher:org.hl7.fhir.publisher.core MAVEN version =1.1.0, =1.1.0, =1.2.36 Source cves: CVE-2024-52807 Source advisory: OSV:GHSA-8C3X-HQ82-GJCM...