3 matches found
ROOT-APP-MAVEN-CVE-2026-34360 CVE-2026-34360 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.core - Patched by Root
Root has patched CVE-2026-34360 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.core package for Root:Maven. Multiple fixed versions available...
HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect
ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs e.g., http://tx.fhir.org lack a trailing slash or host boundary check, an attacker-controlled domain like...
io.connectedhealth-idaas:idaas-eventbuilder (=2.3.0) potentially affected by CVE-2023-24057 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.core (=5.1.7)
ca.uhn.hapi.fhir:org.hl7.fhir.core MAVEN version =5.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on ca.uhn.hapi.fhir:org.hl7.fhir.core and may be impacted: - io.connectedhealth-idaas:idaas-eventbuilder =2.3.0 Source cves: CVE-2023-24057,...