Overview
- Description
- HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components is vulnerable to XML external entity injection. A processed XML file with a malicious DTD tag (<!DOCTYPE foo [<!ENTITY example SYSTEM "/etc/passwd"> ]>) could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is used within a host where external clients can submit XML. This is related to GHSA-6cr6-ph3p-f5rf, whose fix (#1571 & #1717) was incomplete. This issue has been addressed in release version 6.4.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
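The parser hardening that blocks this class of XXE (CWE-611) in an application's own JAXP/XSLT handling, as an added example that is not part of this record or of the HAPI FHIR / org.hl7.fhir.core code. It assumes the JDK's built-in JAXP implementation; the input document, the stylesheet, the class name XxeHardening and the file path are constructed placeholders.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class XxeHardening {
    // Constructed sample input: a DTD declaring an external entity, the shape the advisory describes.
    static final String INPUT =
        "<!DOCTYPE foo [<!ENTITY example SYSTEM \"file:///tmp/constructed-placeholder.txt\">]>"
        + "<foo>&example;</foo>";
    // Constructed stylesheet that copies the document text into the output.
    static final String XSLT =
        "<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">"
        + "<xsl:template match=\"/\"><out><xsl:value-of select=\"/foo\"/></out></xsl:template></xsl:stylesheet>";
    // Parser that rejects any DOCTYPE, so no entity declaration is processed at all.
    static DocumentBuilder hardenedParser() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return dbf.newDocumentBuilder();
    }
    // Transformer factory that refuses external DTDs and external stylesheets during XSLT processing.
    static TransformerFactory hardenedTransformerFactory() throws Exception {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return tf;
    }
    public static void main(String[] args) throws Exception {
        Transformer t = hardenedTransformerFactory().newTransformer(new StreamSource(new StringReader(XSLT)));
        try {
            // Untrusted XML goes through the hardened parser before the transformer ever sees it.
            DOMSource src = new DOMSource(hardenedParser().parse(new InputSource(new StringReader(INPUT))));
            t.transform(src, new StreamResult(System.out));
        } catch (SAXParseException e) {
            // Expected outcome: the DOCTYPE is rejected before any entity could be resolved.
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```

Feeding the transformer a StreamSource directly would let it create its own parser, which is why the secure-processing feature and the two access attributes are also set on the TransformerFactory; this configures an application's own pipeline and does not replace the upgrade to 6.4.0 that the advisory calls for.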
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
- Severity
- HIGH
Weaknesses
- security-advisories@github.com
- CWE-611
Social media
- Hype score
- Not currently trending
CVE-2024-52007 XML External Entity Injection Vulnerability in HAPI FHIR Java Library HAPI FHIR is a full Java implementation of the HL7 FHIR healthcare standard. Its XSLT parsing is vulnerable to XML external ent... https://t.co/VMpmbYCrIC
@VulmonFeeds
9 Nov 2024
[CVE-2024-52007: HIGH] HAPI FHIR software for healthcare in Java vulnerable to XML external entity injections due to XSLT parsing, exposing host system data. Upgrade to version 6.4.0 to fix.#cybersecurity,#vulnerability https://t.co/zNkznLL7hL https://t.co/RhPybQw6bg
@CveFindCom
8 Nov 2024
CVE-2024-52007 HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable t… https://t.co/kLGvCaG3zw
@CVEnew
8 Nov 2024