Lucene search
K

5 matches found

Snyk
Snyk
added 2026/06/17 6:47 p.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches function in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular expressions that trigger excessive...

8.7CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/17 6:47 p.m.5 views

GHSA-FXJ4-P9XP-37V5 HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS

Summary The fix for CVE-2026-45367 added RegexTimeout protection to the matches function in DSTU2016MAY, DSTU3, R4, R4B, and R5, but the DSTU2 module was incompletely patched. In org.hl7.fhir.dstu2, replaceMatches was updated while matches at line 2462 still calls the raw String.matchessw without...

7.5CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/05/18 8:23 p.m.6 views

GHSA-3653-68V6-RQ57 HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

7.5CVSS6.1AI score0.00086EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 8:23 p.m.9 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...

8.7CVSS5.8AI score0.00086EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.11 views

PT-2026-41778

Name of the Vulnerable Software and Affected Versions FHIRPathEngine affected versions not specified Description Implementations of FHIRPathEngine evaluate arbitrary FHIRPath expressions without input validation. The functions matches, matchesFull, and replaceMatches pass user-controlled regular...

7.5CVSS6AI score0.00086EPSS
Exploits0References4
Rows per page
Query Builder