691 matches found

vulnersOsv
added 2019/10/15 7:27 p.m. | 0 views

@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by CVE-2019-17495 via swagger-ui (>=2.0.17 <=3.20.7)

swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: CVE-2019-17495 Source advisory: OSV:GHSA-C427-HJC3-WRFW...

9.8 CVSS | 6.7 AI score | 0.0558 EPSS
Exploits 1

Node.js
added 2019/09/16 3:47 p.m. | 12 views

Denial of Service

Overview: Versions of @hapi/subtext prior to 6.1.2 are vulnerable to Denial of Service (DoS). The package fails to enforce the maxBytes configuration for payloads with chunked encoding that are written to the file system. This allows attackers to send requests with arbitrary payload sizes, which may...

7 AI score
Exploits 0 | Affected Software 1

Veracode
added 2019/09/12 4:56 a.m. | 10 views

Information Disclosure

hapi-fhir-server is vulnerable to information disclosure. When using the Consent Service and denying a resource via the Will See Resource method, the resource ID and version were still returned to the user...

2.8 AI score
Exploits 0

vulnersOsv
added 2019/06/07 8:56 p.m. | 1 views

ca.uhn.hapi.example:restful-server-example (=0.7), ca.uhn.hapi.fhir.karaf:hapi-fhir (>=3.3.0 <=3.7.0) +228 more potentially affected by CVE-2019-12741 via ca.uhn.hapi.fhir:hapi-fhir-base (>=0.1 <=3.7.0)

ca.uhn.hapi.fhir:hapi-fhir-base MAVEN version =0.1, =3.3.0, =1.3, =3.4.0, =3.0.0, =2.0, =2.3, =3.6.0, =1.4, =0.9, =3.5.0, =3.3.0, =3.7.0 and more Source cves: CVE-2019-12741 Source advisory: OSV:GHSA-52MH-P2M2-W625...

6.1 CVSS | 6.3 AI score | 0.01268 EPSS
Exploits 0

OSV
added 2019/06/07 8:56 p.m. | 19 views

GHSA-52MH-P2M2-W625 Cross-site Scripting in HAPI FHIR

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...

6.1 CVSS | 5.8 AI score | 0.01268 EPSS
Exploits 0 | References 4

Github Security Blog
added 2019/06/07 8:56 p.m. | 39 views

Cross-site Scripting in HAPI FHIR

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...

6.1 CVSS | 2.4 AI score | 0.01268 EPSS
Exploits 0 | References 5 | Affected Software 1

GitLab Advisory Database
added 2019/06/07 12:0 a.m. | 17 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...

6.1 CVSS | 2.4 AI score | 0.01268 EPSS
Exploits 0 | References 5 | Affected Software 1

Veracode
added 2019/06/06 8:24 a.m. | 21 views

Cross-site Scripting (XSS)

HAPI FHIR TestPage Overlay is vulnerable to cross-site scripting (XSS). The parameters passed through the HTTP request to be displayed in a form page are not sanitized, allowing an attacker to inject a malicious script...

6.1 CVSS | 5.7 AI score | 0.01268 EPSS
Exploits 0 | References 3 | Affected Software 1

NVD
added 2019/06/05 3:29 p.m. | 14 views

CVE-2019-12741

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...

6.1 CVSS | 5.9 AI score | 0.01268 EPSS
Exploits 0 | References 3

OSV
added 2019/06/05 3:29 p.m. | 15 views

CVE-2019-12741

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...

6.1 CVSS | 5.6 AI score
Exploits 0 | References 3

Prion
added 2019/06/05 3:29 p.m. | 12 views

Cross site scripting

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...

4.3 CVSS | 5.7 AI score | 0.01268 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2019/06/05 2:58 p.m. | 20 views

CVE-2019-12741

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...

5.9 AI score | 0.01268 EPSS
Exploits 0 | References 3

CVE
added 2019/06/05 2:58 p.m. | 133 views

CVE-2019-12741

The CVE-2019-12741 issue is an XSS in the HAPI FHIR testpage overlay module of the HAPI FHIR library (pre-3.8.0). Unsanitized HTTP parameters are echoed in a form page, enabling leakage of cookies and other sensitive data from ca/uhn/fhir/to/BaseController.java via a crafted URL. Impact is limite...

6.1 CVSS | 5.7 AI score | 0.01268 EPSS
Exploits 0 | References 3 | Affected Software 1

AlpineLinux
added 2019/06/05 2:58 p.m. | 32 views

CVE-2019-12741

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...

6.1 CVSS | 6 AI score | 0.01268 EPSS
Exploits 0

GitLab Advisory Database
added 2019/06/05 12:0 a.m. | 18 views

Cross-site Scripting

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. This...

6.1 CVSS | 2.5 AI score | 0.01268 EPSS
Exploits 0 | References 4 | Affected Software 1

Github Security Blog
added 2019/02/18 11:39 p.m. | 23 views

Authentication Bypass in hapi-auth-jwt2

Versions of hapi-auth-jwt2 prior to version 5.1.2 are affected by a complete authentication bypass vulnerability when in the try authentication mode. Recommendation: Update to version 5.1.2 or later...

9.8 CVSS | 5.6 AI score | 0.02524 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2019/02/18 11:39 p.m. | 15 views

GHSA-MG8R-9G6J-HWV9 Authentication Bypass in hapi-auth-jwt2

Versions of hapi-auth-jwt2 prior to version 5.1.2 are affected by a complete authentication bypass vulnerability when in the try authentication mode. Recommendation: Update to version 5.1.2 or later...

9.8 CVSS | 9.6 AI score | 0.02524 EPSS
Exploits 0 | References 6

vulnersOsv
added 2018/10/17 8:28 p.m. | 3 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1275 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1275 Source advisory: OSV:GHSA-3RMV-2PG5-XVQJ...

9.8 CVSS | 6.9 AI score | 0.57632 EPSS
Exploits 0

vulnersOsv
added 2018/10/17 8:5 p.m. | 3 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...

9.8 CVSS | 7.1 AI score | 0.77245 EPSS
Exploits 5

OSV
added 2018/10/09 12:57 a.m. | 2 views

GHSA-CQJG-WHMM-8GV6 Denial of Service via malformed accept-encoding header in hapi

Affected versions of hapi will crash or lock the event loop when a malformed accept-encoding header is received. Recommendation: Update to version 16.1.1 or later...

7.5 CVSS | 7.1 AI score | 0.01584 EPSS
Exploits 0 | References 4