CVE-2024-46984

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVE-2024-46984

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVE-2024-46984

CVE-2024-46984 affects gematik app-referencevalidator’s referencevalidator Commons profile location routine, which is vulnerable to XML External Entities (XXE) due to insecure Woodstox WstxInputFactory defaults. A malicious XML resource can induce network requests and Server-Side Request Forgery ...

de.gematik.bbriccs:bricks-integration-coverage (=0.1.9), de.gematik.bbriccs:fd-fhir-client-brick (=0.1.9) +18 more potentially affected by CVE-2024-46984 via de.gematik.refv.commons:commons (>=0.1.3 <=2.5.0)

de.gematik.refv.commons:commons MAVEN version =0.1.3, =0.1.9, =0.1.9, =2.1.0, =1.0.0, =0.6.0, =0.3.0, =0.1.3, =0.5.0, =0.5.0, =0.4.1, =0.1.3, =0.3.0 and more Source cves: CVE-2024-46984 Source advisory: OSV:GHSA-68J8-FP38-P48Q...