691 matches found
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.3 <=7.4.5) +224 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =0.0.1, =5.6.5, =4.0.3, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.3, =4.0.0, =5.0.0, =4.0.3, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =7.4.5 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.7.7 <=7.4.5) +181 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=5.6.22 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =5.6.22, =3.4.0, =5.7.7, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =6.2.0, =6.8.0, =6.4.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.7, =6.8.0 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
PT-2024-35091 · Hapi Fhir · Hapi Fhir
Name of the Vulnerable Software and Affected Versions: HAPI FHIR versions prior to 6.4.0. Description: The XSLT parsing performed by various components in HAPI FHIR is vulnerable to XML external entity injections. This issue can be exploited by submitting a malicious XML file with a DTD tag,...
CVE-2024-51132
A flaw was found in Fast Healthcare Interoperability Resources HAPI FHIR. This vulnerability could allow attackers to execute arbitrary code or access sensitive information via a crafted request which contains malicious XML entities. Mitigation: Red Hat has investigated whether a possible mitigati...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=7.4.5) +232 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 MAVEN version =0.0.1, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =7.4.5 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +208 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.convertors (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.convertors MAVEN version =0.0.1, =4.0.0, =5.6.5, =4.1.0, =4.0.0, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +287 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =7.4.5 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +234 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +315 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =7.4.5 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-base-test-mindeps-client (>=5.6.5 <=7.4.5) +249 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 MAVEN version =0.0.1, =5.6.5, =5.6.5, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =5.2.1 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.3 <=7.4.5) +224 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =0.0.1, =5.6.5, =4.0.3, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.3, =4.0.0, =5.0.0, =4.0.3, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =7.4.5 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.7.7 <=7.4.5) +181 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=5.6.22 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =5.6.22, =3.4.0, =5.7.7, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =6.2.0, =6.8.0, =6.4.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.7, =6.8.0 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code by supplying a crafted request containing malicious XML entities...
GHSA-4CF2-CXP3-RJR7 HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code by supplying a crafted request containing malicious XML entities...
CVE-2024-51132
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code by supplying a crafted request containing malicious XML entities...
CVE-2024-51132
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code by supplying a crafted request containing malicious XML entities...
HAPI FHIR security vulnerability
HAPI FHIR is an open-source HL7 FHIR API written in Java. A security vulnerability exists in HAPI FHIR versions prior to v6.4.0 that stems from the presence of an external entity reference that allows an attacker to access sensitive information or execute arbitrary code by providing...
CVE-2024-51132
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code by supplying a crafted request containing malicious XML entities...
CVE-2024-51132
CVE-2024-51132 describes an XML External Entity (XXE) vulnerability in HAPI FHIR prior to v6.4.0. The root cause is XXE in FHIR parsing (org.hl7.fhir.core) that can allow an attacker to read sensitive information or potentially execute arbitrary code via a crafted XML request. Affected components...
CVE-2024-51132
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code by supplying a crafted request containing malicious XML entities...