Lucene search
11 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-5516

Malware in sbrugna...

CVSS 9.3 | AI score 6.1 | EPSS 0.03438
Exploits: 1 | References: 13

CVE
added 2024/11/08 10:28 p.m. | 57 views

CVE-2024-52007

CVE-2024-52007 is an XXE vulnerability in XSLT parsing within the HAPI FHIR org.hl7.fhir.core components. The issue arises from XML external entity injections when processing XML with a malicious DTD, potentially allowing host data to be exposed. The Red Hat advisory notes this is fixed by upgrad...

CVSS 8.6 | AI score 8.4 | EPSS 0.00325
Exploits: 0 | References: 6

GitLab Advisory Database
added 2024/11/08 12:00 a.m. | 16 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used within a host where external clients...

CVSS 8.6 | AI score 8.4 | EPSS 0.00325
Exploits: 0 | References: 9

NVD
added 2024/09/19 11:15 p.m. | 12 views

CVE-2024-7207

Rejected reason: Duplicate of CVE-2024-45806...

Exploits: 0

RedHat Linux
added 2024/09/19 4:46 p.m. | 5 views

org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6 | AI score 5.7 | EPSS 0.00089
Exploits: 0 | References: 6

OSV
added 2024/09/06 3:46 p.m. | 2 views

CVE-2024-45294 `org.hl7.fhir.core` XXE vulnerability in XSLT transforms

The HL7 FHIR Core Artifacts repository provides the Java core object handling code, with utilities including validator, for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external...

CVSS 8.6 | AI score 8.2 | EPSS 0.00089
Exploits: 0 | References: 6

GitLab Advisory Database
added 2024/09/06 12:00 a.m. | 20 views

XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used within a host where external...

CVSS 8.6 | AI score 8.4 | EPSS 0.00089
Exploits: 0 | References: 7

GitLab Advisory Database
added 2024/09/06 12:00 a.m. | 19 views

XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used within a host where external...

CVSS 8.6 | AI score 8.4 | EPSS 0.00089
Exploits: 0 | References: 7

GitLab Advisory Database
added 2024/09/06 12:00 a.m. | 24 views

XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used within a host where external...

CVSS 8.6 | AI score 8.4 | EPSS 0.00089
Exploits: 0 | References: 7

Drupal
added 2019/04/03 12:00 a.m. | 17 views

Services - Less critical - Access bypass - SA-CONTRIB-2019-043

This module provides a standardized solution for building APIs so that external clients can communicate with Drupal. The Services module has an access bypass vulnerability in its "attachfile" resource that allows users who have access to create or update nodes that include file fields to...

AI score 6.4
Exploits: 0 | References: 5

Drupal
added 2017/06/28 12:00 a.m. | 13 views

Services - Critical - SQL Injection - SA-CONTRIB-2017-054

This module provides a standardized solution for building APIs so that external clients can communicate with Drupal. The module doesn't sufficiently sanitize column names provided by the client when they are querying for data and trying to sort it. This vulnerability is mitigated by the fact tha...

AI score 6.8
Exploits: 0 | References: 11