Количество 2
Количество 2
CVE-2024-52807
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available.
GHSA-8c3x-hq82-gjcm
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-52807 The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available. | CVSS3: 8.6 | 0% Низкий | около 1 года назад |
| GHSA-8c3x-hq82-gjcm XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher` | CVSS3: 8.6 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу