Fhir Ig Publisher@* Security Vulnerabilities and Issues — Fhir Ig Publisher@* CVE List

Lucene search

Hl7Fhir Ig Publisher*

3 matches found

CVE•added 2023/01/26 9:18 p.m.•107 views

CVE-2023-24057

HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).

8.1CVSS7.5AI score0.00833EPSS

CVE•added 2025/01/24 7:15 p.m.•46 views

CVE-2025-24363

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and cre...

4.2CVSS7.4AI score0.00021EPSS

CVE•added 2025/01/24 7:15 p.m.•42 views

CVE-2024-52807

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( ]> could produce XML containing dat...

8.6CVSS8.6AI score0.0007EPSS