25 matches found

OSV
added 2026/06/24 10:45 a.m., 8 views

ROOT-APP-MAVEN-CVE-2026-34360 CVE-2026-34360 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.core - Patched by Root

Root has patched CVE-2026-34360 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.core package for Root:Maven. Multiple fixed versions available...

CVSS 5.8, AI score 5.4, EPSS 0.00235
Exploits: 1

vulnersOsv
added 2026/03/30 5:19 p.m., 7 views

io.connectedhealth-idaas:idaas-eventbuilder (=2.3.0) potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.core (=5.1.7)

ca.uhn.hapi.fhir:org.hl7.fhir.core MAVEN version =5.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on ca.uhn.hapi.fhir:org.hl7.fhir.core and may be impacted:
- io.connectedhealth-idaas:idaas-eventbuilder =2.3.0

Source cves: CVE-2026-34359
Source...

CVSS 9.1, AI score 5.8, EPSS 0.00158
Exploits: 1

GitLab Advisory Database
added 2026/03/30 12:0 a.m., 7 views

HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect

ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs (e.g., http://tx.fhir.org) lack a trailing slash or host boundary check, an attacker-controlled domain like...

CVSS 9.1, AI score 5.9, EPSS 0.00158
Exploits: 1, References: 4

Circl
added 2026/03/27 1:33 p.m., 4 views

CVE-2026-34360

creationtimestamp | type | source
---|---|---
2026-03-27 13:33:36+00:00 | published-proof-of-concept | https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-3ww8-jw56-9f5h...

CVSS 5.8, AI score 5.8, EPSS 0.00235
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 3:20 a.m., 5 views

CVE-2023-24057

HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive for a prepackaged terminology cache, NPM package, or comparison archive...

CVSS 8.1, AI score 7, EPSS 0.01166
Exploits: 1, References: 1

vulnersOsv
added 2025/01/24 6:33 p.m., 6 views

org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (>=1.1.0 <=1.2.36) potentially affected by CVE-2024-52807 via org.hl7.fhir.publisher:org.hl7.fhir.publisher.core (>=1.1.0 <=1.2.9)

org.hl7.fhir.publisher:org.hl7.fhir.publisher.core MAVEN version =1.1.0, =1.1.0, =1.2.36
Source cves: CVE-2024-52807
Source advisory: OSV:GHSA-8C3X-HQ82-GJCM...

CVSS 8.6, AI score 5.8, EPSS 0.00547
Exploits: 0

OSV
added 2024/11/08 10:28 p.m., 2 views

CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6, AI score 6.9, EPSS 0.00918
Exploits: 0, References: 8

RedHat Linux
added 2024/10/14 3:53 p.m., 18 views

org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6, AI score 5.7, EPSS 0.00975
Exploits: 0, References: 6

RedHat Linux
added 2024/09/24 12:51 p.m., 10 views

org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6, AI score 5.7, EPSS 0.00975
Exploits: 0, References: 6

RedHat Linux
added 2024/09/19 4:46 p.m., 6 views

org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6, AI score 5.7, EPSS 0.00975
Exploits: 0, References: 6

Veracode
added 2024/09/09 7:27 a.m., 4 views

XML Entity Expansion (XXE)

The HL7 FHIR Core is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper handling of XSLT transforms in various components, allowing a malicious XML file with a DTD tag to expose host system data...

CVSS 8.6, AI score 6.9, EPSS 0.00975
Exploits: 0, References: 7, Affected Software: 6

OSV
added 2024/09/06 7:45 p.m., 2 views

GHSA-6CR6-PH3P-F5RF XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

Impact: XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used within a host where extern...

CVSS 8.6, AI score 5.7, EPSS 0.00975
Exploits: 0, References: 6

Cvelist
added 2024/09/06 3:46 p.m., 41 views

CVE-2024-45294 `org.hl7.fhir.core` XXE vulnerability in XSLT transforms

The HL7 FHIR Core Artifacts repository provides the Java core object handling code, with utilities including validator, for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external...

CVSS 8.6, EPSS 0.00975
Exploits: 0, References: 4

Vulnrichment
added 2024/09/06 3:46 p.m., 17 views

CVE-2024-45294 `org.hl7.fhir.core` XXE vulnerability in XSLT transforms

The HL7 FHIR Core Artifacts repository provides the Java core object handling code, with utilities including validator, for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external...

CVSS 8.6, AI score 7, EPSS 0.00975
Exploits: 0, References: 4

Prion
added 2023/12/12 5:15 p.m., 19 views

Directory traversal

The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...

CVSS 5, AI score 7, EPSS 0.013
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2023/12/12 12:0 a.m., 3219 views

CVE-2023-28465

CVE-2023-28465 affects HL7 FHIR Core Libraries prior to 5.6.106. The vulnerability stems from the package‑decompression feature, allowing directory traversal that enables copying arbitrary files to certain directories when an attacker’s chosen path contains a substring of an allowed directory nam...

CVSS 7.5, AI score 7.7, EPSS 0.013
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2023/12/12 12:0 a.m., 35 views

CVE-2023-28465

The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...

AI score 8.1, EPSS 0.013
Exploits: 0, References: 3

vulnersOsv
added 2023/03/10 10:15 p.m., 3 views

io.connectedhealth-idaas:idaas-eventbuilder (=2.3.0) potentially affected by CVE-2023-24057 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.core (=5.1.7)

ca.uhn.hapi.fhir:org.hl7.fhir.core MAVEN version =5.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on ca.uhn.hapi.fhir:org.hl7.fhir.core and may be impacted:
- io.connectedhealth-idaas:idaas-eventbuilder =2.3.0

Source cves: CVE-2023-24057,...

CVSS 8.1, AI score 7.1, EPSS 0.013
Exploits: 1

Positive Technologies
added 2023/03/10 12:0 a.m., 4 views

PT-2023-21736 · Unknown · Hl7 Fhir Core Libraries

Name of the Vulnerable Software and Affected Versions: HL7 FHIR Core Libraries versions prior to 5.6.106
Description: The issue allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the...

CVSS 8.1, AI score 7.8, EPSS 0.013
Exploits: 1, References: 12

OSV
added 2023/01/26 9:18 p.m., 15 views

CVE-2023-24057

HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive for a prepackaged terminology cache, NPM package, or comparison archive...

CVSS 8.1, AI score 7.5
Exploits: 0, References: 1