23 matches found
au.csiro.pathling:fhir-server (>=5.3.1 <=6.4.2), au.org.consumerdatastandards:data-holder (>=2.3.0 <=2.4.1) +2121 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.7.0 <=5.7.2)
org.springframework.security:spring-security-core MAVEN version =5.7.0, =5.3.1, =2.3.0, =2.4.1 - au.org.consumerdatastandards:mock-data-holder-java =2.6.0 - be.jidoka:jdk-keycloak-admin =1.3.0 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 -...
best.skn:skn-spring-mail (>=1.0.0 <=2.4.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=7.0.0 <=8.8.1) +710 more potentially affected by CVE-2026-40478 via org.thymeleaf:thymeleaf-spring6 (>=3.1.0.M1 <=3.1.3.RELEASE)
org.thymeleaf:thymeleaf-spring6 MAVEN version =3.1.0.M1, =1.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.6.0, =7.6.0, =7.0.0, =7.0.0, =8.8.1 and more Source cves: CVE-2026-40478 Source advisory: SNYK:JAVA-ORGTHYMELEAF-16078377...
dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-tools-test-data-generator (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-fhir-server (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-fhir-server MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: SNYK:JAVA-DEVDSF-16540567...
dev.dsf:dsf-bpe-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-common-jetty (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-common-jetty MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: SNYK:JAVA-DEVDSF-16540565...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the DSF FHIR and BPE Servers with enabled OIDC authentication due to the lack of session timeout enforcement in OIDC browser sessions. An attacker can gain unauthorized access to a user's session by...
Data Sharing Framework is Missing Session Timeout for OIDC Sessions
Affected Components DSF FHIR Server with enabled OIDC authentication. DSF BPE Server with enabled OIDC authentication. Summary OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. Impact If...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the DSF FHIR and BPE Servers with enabled OIDC authentication due to the lack of session timeout enforcement in OIDC browser sessions. An attacker can gain unauthorized access to a user's session by...
dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-tools-test-data-generator (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-fhir-server (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-fhir-server MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: OSV:GHSA-GJ7P-595X-QWF5...
au.csiro.pathling:encoders (>=6.2.2 <=9.5.0), au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0) +246 more potentially affected by CVE-2026-34360 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.0.0 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.0.0, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.8.1 and more Source cves: CVE-2026-34360 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855324...
au.csiro.pathling:encoders (>=5.1.0 <=9.5.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.2.0) +353 more potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =8.8.1 and more Source cves: CVE-2026-34359 Source advisory: OSV:GHSA-FGV2-4Q4G-WC35...
au.csiro.pathling:encoders (>=5.1.0 <=9.5.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.2.0) +353 more potentially affected by CVE-2026-33180 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.8.2)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =8.8.1 and more Source cves: CVE-2026-33180 Source advisory: OSV:GHSA-P7M9-V2CM-2H7M...
au.csiro.pathling:encoders (>=5.1.0 <=9.5.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.2.0) +322 more potentially affected by CVE-2026-33180 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.8.2)
ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.2.1 and more Source cves: CVE-2026-33180 Source advisory: OSV:GHSA-P7M9-V2CM-2H7M...
au.csiro.pathling:encoders (>=7.2.0 <=9.6.0), au.csiro.pathling:fhir-server (=7.2.0) +1279 more potentially affected by CVE-2026-24281 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.4)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =2.2.3 and more Source cves: CVE-2026-24281 Source advisory: OSV:GHSA-7XRH-HQFC-G7QR...
au.csiro.pathling:encoders (>=7.2.0 <=9.6.0), au.csiro.pathling:fhir-server (=7.2.0) +1279 more potentially affected by CVE-2026-24281 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.4)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =2.2.3 and more Source cves: CVE-2026-24281 Source advisory:...
au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0), br.com.jarch:jarch-apt (>=20.7.0 <=25.11.0) +744 more potentially affected by CVE-2025-66021 via com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (>=r136 <=20240325.1)
com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer MAVEN version =r136, =6.2.2, =20.7.0, =24.2.0, =20.7.0, =23.1.0, =24.2.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =8.6.8 and more Source cves: CVE-2025-66021 Source advisory:...
org.hl7.fhir.convertors: org.hl7.fhir.dstu2: org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.validation: org.hl7.fhir.core: FHIR arbitrary code execution via specially-crafted request
A flaw was found in Fast Healthcare Interoperability Resources HAPI FHIR. This vulnerability could allow attackers to execute arbitrary code or access sensitive information via a crafted request which contains malicious XML entities...
au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +287 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =7.4.5 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +315 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =7.4.5 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +286 more potentially affected by CVE-2024-45294 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.3.22)
ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =7.4.3 and more Source cves: CVE-2024-45294, CVE-2024-52007 Source advisory: OSV:GHSA-6CR6-PH3P-F5RF...
au.csiro.pathling:encoders (>=5.1.0 <=6.1.4), au.csiro.pathling:fhir-server (>=5.3.1 <=6.1.4) +224 more potentially affected by CVE-2023-24057 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=5.6.91)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.2.1 and more Source cves: CVE-2023-24057 Source advisory: OSV:GHSA-JQH6-9574-5X22...