
7 matches found

Veracode
added 2024/09/23 4:56 p.m., 6 views

XML External Entity (XXE) Injection

de.gematik.refv.commons:commons is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to the insecure default configuration of the WstxInputFactory. An attacker can issue unauthorized network requests or access internal systems by supplying malicious XML content...

CVSS 9.8 | AI score 6.7 | EPSS 0.00357
Exploits 0 | References 8 | Affected Software 1
NVD
added 2024/09/19 11:15 p.m., 18 views

CVE-2024-46984

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS 9.8 | EPSS 0.00357
Exploits 0 | References 6
Cvelist
added 2024/09/19 10:38 p.m., 17 views

CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS 8.6 | EPSS 0.00357
Exploits 0 | References 6
CVE
added 2024/09/19 10:38 p.m., 59 views

CVE-2024-46984

CVE-2024-46984 affects gematik app-referencevalidator’s referencevalidator Commons profile location routine, which is vulnerable to XML External Entities (XXE) due to insecure Woodstox WstxInputFactory defaults. A malicious XML resource can induce network requests and Server-Side Request Forgery ...

CVSS 9.8 | AI score 8.6 | EPSS 0.00357
Exploits 0 | References 6 | Affected Software 1
Vulnrichment
added 2024/09/19 10:38 p.m., 12 views

CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS 8.6 | AI score 6.8 | EPSS 0.00357
Exploits 0 | References 6
OSV
added 2024/09/19 10:38 p.m., 12 views

CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS 8.6 | AI score 6.7 | EPSS 0.00357
Exploits 0 | References 8
Github Security Blog
added 2024/09/19 2:49 p.m., 14 views

Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack

Impact: The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox WstxInputFactory. A malicious XML resource can lead to network requests issued by referencevalidator and thus to a Server Side...

CVSS 9.8 | AI score 7 | EPSS 0.00357
Exploits 0 | References 9 | Affected Software 1