Lucene search
K

6 matches found

Snyk
Snyk
added 2026/06/17 6:47 p.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches function in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular expressions that trigger excessive...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/18 8:23 p.m.8 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...

8.7CVSS5.8AI score0.00086EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 8:23 p.m.6 views

GHSA-3653-68V6-RQ57 HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

7.5CVSS6.1AI score0.00086EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.11 views

PT-2026-41778

Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

7.5CVSS6.1AI score0.00086EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.10 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.9 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
Rows per page
Query Builder