- Description
- The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-611
- Hype score
- Not currently trending
CVE-2024-52807 XML External Entity Injection in HL7 FHIR IG Publisher Pre-1.7.4 https://t.co/JTJ7LxVhOp Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
24 Jan 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-52807: HIGH] Stay secure with HL7 FHIR IG Publisher v1.7.4! Earlier versions are vulnerable to XML external entity injections, potentially exposing sensitive data. Update now to protect your system.#cybersecurity,#vulnerability https://t.co/mu2iGAmSWZ https://t.co/SKxYs
@CveFindCom
24 Jan 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-52807 The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are… https://t.co/oF3duCMTvN
@CVEnew
24 Jan 2025
138 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes