Количество 2
Количество 2
CVE-2023-28465
The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057.
GHSA-9654-pr4f-gh6m
HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-28465 The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057. | CVSS3: 7.5 | 1% Низкий | около 2 лет назад |
| GHSA-9654-pr4f-gh6m HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057 | CVSS3: 7.5 | 1% Низкий | почти 3 года назад |
Уязвимостей на страницу