14 matches found
EUVD-2025-0136
Malicious code in bioql PyPI...
CVE-2025-24363
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information
Impact In CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username an...
GHSA-6729-95V3-PJC2 HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information
Impact In CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username an...
CVE-2025-24363
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...
CVE-2024-52807
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from...
CVE-2025-24363
CVE-2025-24363 affects the HL7 FHIR IG Publisher. In versions prior to 1.8.9, the CLI in CI contexts uses git to derive the origin URL; if the repo URL includes a username/password/token, that credentialed URL can be embedded in the generated Implementation Guide, exposing credentials. Impact is ...
CVE-2025-24363 The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...
CVE-2025-24363 The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...
CVE-2025-24363 The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...
CVE-2024-52807
The CVE-2024-52807 entry affects the org.hl7.fhir.publisher package used to generate HL7 FHIR IGs. The root cause is XML External Entity (XXE) injections in XSLT transforms performed by multiple components prior to version 1.7.4, which could allow a malicious DTD tag in submitted XML to cause dat...
PT-2025-2936
Name of the Vulnerable Software and Affected Versions HL7 FHIR IG publisher versions prior to 1.7.4 Description The HL7 FHIR IG publisher is vulnerable to XML external entity injections due to XSLT transforms performed by various components. This issue can be exploited by submitting a malicious X...
PT-2025-5345 · Hl7 · Hl7 Fhir Ig Publisher
Name of the Vulnerable Software and Affected Versions: HL7 FHIR IG publisher versions prior to 1.8.9 Description: The HL7 FHIR IG publisher has an issue where it exposes usernames and credentials in the built Implementation Guide when using git commands to determine the URL of the originating rep...
fhir-ig-publisher path traversal vulnerability
HL7 fhir-ig-publisher is the source code for IG publisher from HL7. A security vulnerability exists in fhir-ig-publisher versions prior to 1.2.30, which originates from a vulnerability that allows attackers to extract files from ZIP or TGZ packages into arbitrary directories via directory travers...