Lucene search

14 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-0136

Malicious code in bioql PyPI...

CVSS 4.2 · AI score 6.4 · EPSS 0.00176
Exploits 0 · References 5

RedhatCVE
added 2025/05/23 12:0 p.m. · 10 views

CVE-2025-24363

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...

CVSS 4.2 · AI score 7.2 · EPSS 0.00176
Exploits 0 · References 1

Github Security Blog
added 2025/01/24 8:40 p.m. · 13 views

HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information

Impact: In CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username an...

CVSS 4.2 · AI score 7.2 · EPSS 0.00176
Exploits 0 · References 5 · Affected Software 2

OSV
added 2025/01/24 8:40 p.m. · 8 views

GHSA-6729-95V3-PJC2 HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information

Impact: In CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username an...

CVSS 4.2 · AI score 4.7 · EPSS 0.00176
Exploits 0 · References 5

NVD
added 2025/01/24 7:15 p.m. · 13 views

CVE-2025-24363

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...

CVSS 4.2 · EPSS 0.00176
Exploits 0 · References 3

NVD
added 2025/01/24 7:15 p.m. · 48 views

CVE-2024-52807

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from...

CVSS 8.6 · EPSS 0.00547
Exploits 0 · References 3

CVE
added 2025/01/24 6:54 p.m. · 67 views

CVE-2025-24363

CVE-2025-24363 affects the HL7 FHIR IG Publisher. In versions prior to 1.8.9, the CLI in CI contexts uses git to derive the origin URL; if the repo URL includes a username/password/token, that credentialed URL can be embedded in the generated Implementation Guide, exposing credentials. Impact is ...

CVSS 4.2 · AI score 7.4 · EPSS 0.00176
Exploits 0 · References 3

Vulnrichment
added 2025/01/24 6:54 p.m. · 14 views

CVE-2025-24363 The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...

CVSS 4.2 · AI score 7.2 · EPSS 0.00176
Exploits 0 · References 3

Cvelist
added 2025/01/24 6:54 p.m. · 31 views

CVE-2025-24363 The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...

CVSS 4.2 · EPSS 0.00176
Exploits 0 · References 3

OSV
added 2025/01/24 6:54 p.m. · 19 views

CVE-2025-24363 The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...

CVSS 4.2 · AI score 7.1 · EPSS 0.00176
Exploits 0 · References 5

CVE
added 2025/01/24 6:34 p.m. · 53 views

CVE-2024-52807

The CVE-2024-52807 entry affects the org.hl7.fhir.publisher package used to generate HL7 FHIR IGs. The root cause is XML External Entity (XXE) injections in XSLT transforms performed by multiple components prior to version 1.7.4, which could allow a malicious DTD tag in submitted XML to cause dat...

CVSS 8.6 · AI score 8.6 · EPSS 0.00547
Exploits 0 · References 3

Positive Technologies
added 2025/01/24 12:0 a.m. · 12 views

PT-2025-2936

Name of the Vulnerable Software and Affected Versions: HL7 FHIR IG publisher versions prior to 1.7.4 Description: The HL7 FHIR IG publisher is vulnerable to XML external entity injections due to XSLT transforms performed by various components. This issue can be exploited by submitting a malicious X...

CVSS 8.6 · AI score 5.9 · EPSS 0.00547
Exploits 0 · References 14

Positive Technologies
added 2025/01/24 12:0 a.m. · 3 views

PT-2025-5345 · Hl7 · Hl7 Fhir Ig Publisher

Name of the Vulnerable Software and Affected Versions: HL7 FHIR IG publisher versions prior to 1.8.9 Description: The HL7 FHIR IG publisher has an issue where it exposes usernames and credentials in the built Implementation Guide when using git commands to determine the URL of the originating rep...

CVSS 4.2 · AI score 7.6 · EPSS 0.00176
Exploits 0 · References 9

CNNVD
added 2023/01/26 12:0 a.m. · 29 views

fhir-ig-publisher path traversal vulnerability

HL7 fhir-ig-publisher is the source code for IG publisher from HL7. A security vulnerability exists in fhir-ig-publisher versions prior to 1.2.30, which originates from a vulnerability that allows attackers to extract files from ZIP or TGZ packages into arbitrary directories via directory travers...

CVSS 8.1 · AI score 7.8 · EPSS 0.01166
Exploits 1 · References 2