691 matches found
HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code by supplying a crafted request containing malicious XML entities...
PT-2024-34533 · Hapi Fhir · Hapi Fhir
Name of the Vulnerable Software and Affected Versions: HAPI FHIR versions prior to 6.4.0
Description: The issue allows attackers to access sensitive information or execute arbitrary code by supplying a crafted request containing malicious XML entities. This is due to an XML External Entity XXE...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.3), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.3) +234 more potentially affected by CVE-2024-45294 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=6.3.22)
ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-45294, CVE-2024-52007 Source advisory: OSV:GHSA-6CR6-PH3P-F5RF...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.3 <=7.4.3) +224 more potentially affected by CVE-2024-45294 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=0.0.1 <=6.3.22)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =0.0.1, =5.6.5, =4.0.3, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.3, =4.0.0, =5.0.0, =4.0.3, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =7.4.3 and more Source cves: CVE-2024-45294, CVE-2024-52007 Source advisory: OSV:GHSA-6CR6-PH3P-F5RF...
au.csiro.pathling:encoders (>=5.1.0 <=7.1.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.1.0) +286 more potentially affected by CVE-2024-45294 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.3.22)
ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =7.4.3 and more Source cves: CVE-2024-45294, CVE-2024-52007 Source advisory: OSV:GHSA-6CR6-PH3P-F5RF...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.3), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.7.7 <=7.4.3) +181 more potentially affected by CVE-2024-45294 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=5.6.22 <=6.3.22)
ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =5.6.22, =3.4.0, =5.7.7, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =6.2.0, =6.8.0, =6.4.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.7, =6.8.0 and more Source cves: CVE-2024-45294, CVE-2024-52007 Source advisory: OSV:GHSA-6CR6-PH3P-F5RF...
br.com.m4rc310:br-com-m4rc310-graphql (=1.0.1), br.com.m4rc310:br-com-m4rc310-libs (=1.0.1) +881 more potentially affected by CVE-2024-40094 via com.graphql-java:graphql-java (>=0.0.0-2021-06-27T12-22-33-cd2bab76 <=19.1)
com.graphql-java:graphql-java MAVEN version =0.0.0-2021-06-27T12-22-33-cd2bab76, =6.0.0, =6.0.3, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.0, =6.0.0, =6.0.0, =6.0.3, =0.1.0, =1.0.0, =1.2.1 and more Source cves: CVE-2024-40094 Source advisory: OSV:GHSA-H9MQ-F6Q5-6C8M...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=7.2.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=7.2.0 <=7.4.5) +407 more potentially affected by CVE-2023-7272 via org.eclipse.parsson:parsson (>=1.0.0 <=1.0.3)
org.eclipse.parsson:parsson MAVEN version =1.0.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =1.0, =0.3.8, =0.3.0, =0.2.3, =1.1.0, =1.2.0 and more Source cves: CVE-2023-7272 Source advisory: OSV:GHSA-2RWM-XV5J-777P...
Malicious code in falcor-hapi-demo (npm)
--- -= Per source details. Do not edit below this line.=-...
ai.ylyue:yue-library-data-es (>=j11.2.6.0 <=j11.2.6.2), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=5.3.0 <=6.10.5) +554 more potentially affected by CVE-2024-23450 via org.elasticsearch:elasticsearch (>=7.0.0 <=7.17.18)
org.elasticsearch:elasticsearch MAVEN version =7.0.0, =j11.2.6.0, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.10.0, =6.10.0, =6.10.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.6.5, =5.7.9 and more Source cves: CVE-2024-23450 Source advisory: OSV:GHSA-W5GG-2Q56-6H4F...
ca.uhn.hapi.fhir:hapi-fhir-docs (>=7.6.0 <=7.6.1), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-elastic-test-utilities (>=7.6.0 <=7.6.1) +77 more potentially affected by CVE-2023-49093 via org.htmlunit:htmlunit (>=3.0.0 <=3.8.0)
org.htmlunit:htmlunit MAVEN version =3.0.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =1.1.17, =1.1.17, =1.1.17, =1.0.69, =1.0.71, =1.6.0, =1.6.2 - com.nordstrom.ui-tools:selenium-foundation =28.0.1-s4 - com.outr:robobrowser2.13 =1.6.0 and more Source cves: CVE-2023-49093 Source advisory:...
ai.ylyue:yue-library-data-es (>=j11.2.6.0 <=j11.2.6.2), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=5.3.0 <=6.10.5) +521 more potentially affected by CVE-2023-46673 via org.elasticsearch:elasticsearch (>=7.0.0 <=7.17.13)
org.elasticsearch:elasticsearch MAVEN version =7.0.0, =j11.2.6.0, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.10.0, =6.10.0, =6.10.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.6.5, =5.7.9 and more Source cves: CVE-2023-46673 Source advisory: OSV:GHSA-285M-VHFQ-XX4H...