11 matches found
EUVD-2022-6951
Malicious code in bioql PyPI...
CVE-2022-39230
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s...
Information Disclosure
fhir-works-on-aws-authz-smart is vulnerable to information disclosure.The vulnerability exits in getValidOperationsForScope function in smartScopeHelper.ts due to improper authorization which allows an attacker to gain access to information in the file system via search-type requests...
CVE-2022-39230
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s...
Authorization
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s...
CVE-2022-39230 Security issue in fhir-works-on-aws-authz-smart
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s...
CVE-2022-39230 Security issue in fhir-works-on-aws-authz-smart
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s...
CVE-2022-39230
CVE-2022-39230 affects fhir-works-on-aws-authz-smart. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor, allowing a client to retrieve more information than its OAuth scope permits on search-type requests. The issue originates in how authorization ...
CVE-2022-39230 Security issue in fhir-works-on-aws-authz-smart
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s...
fhir-works-on-aws-authz-smart 信息泄露漏洞
fhir-works-on-aws-authz-smart is a SMART implementation on FHIR v1.0.0 of the FHIR Works on AWS framework open-sourced by Amazon Web Services Labs. Designed to leverage the OAuth2/OIDC authorization server to authorize requests. An information disclosure vulnerability exists in...
PT-2022-24826 · Unknown · Fhir-Works-On-Aws-Authz-Smart
Name of the Vulnerable Software and Affected Versions: fhir-works-on-aws-authz-smart versions 3.1.1 through 3.1.2 Description: The issue allows a client of the API to retrieve more information than the client's OAuth scope permits when making "search-type" requests. However, this issue would not...