Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2@5.6.104

Type maven

Namespace ca.uhn.hapi.fhir

Name org.hl7.fhir.dstu2

Version 5.6.104

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.9.0

Latest_non_vulnerable_version 6.9.7

Affected_by_vulnerabilities

url VCID-hhuh-bj59-zbfm

vulnerability_id VCID-hhuh-bj59-zbfm

summary HAPI FHIR: hapifhir/org.hl7.fhir.core: HAPI FHIR: Information disclosure and potential impersonation via HTTP redirects sending sensitive headers

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33180

reference_id

reference_type

scores

value	0.00046
scoring_system	epss
scoring_elements	0.14671
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33180

reference_url

https://github.com/hapifhir/org.hl7.fhir.core

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:44:33Z/

url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33180

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33180

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2449841
reference_id	2449841
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2449841

reference_url	https://github.com/advisories/GHSA-p7m9-v2cm-2h7m
reference_id	GHSA-p7m9-v2cm-2h7m
reference_type
scores
url	https://github.com/advisories/GHSA-p7m9-v2cm-2h7m

fixed_packages

url	pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2@6.9.0
purl	pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2@6.9.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2@6.9.0

aliases CVE-2026-33180, GHSA-p7m9-v2cm-2h7m

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhuh-bj59-zbfm

url VCID-t9ha-qzdq-xuaf

vulnerability_id VCID-t9ha-qzdq-xuaf

summary

HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-51132

reference_id

reference_type

scores

value	0.07937
scoring_system	epss
scoring_elements	0.92207
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-51132

reference_url

https://github.com/hapifhir/org.hl7.fhir.core

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/

url

https://github.com/hapifhir/org.hl7.fhir.core

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2323897
reference_id	2323897
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2323897

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-51132

reference_id

CVE-2024-51132

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-51132

reference_url

https://github.com/JAckLosingHeart/CVE-2024-51132-POC

reference_id

CVE-2024-51132-POC

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/

url

https://github.com/JAckLosingHeart/CVE-2024-51132-POC

reference_url	https://github.com/advisories/GHSA-4cf2-cxp3-rjr7
reference_id	GHSA-4cf2-cxp3-rjr7
reference_type
scores
url	https://github.com/advisories/GHSA-4cf2-cxp3-rjr7

reference_url	https://access.redhat.com/errata/RHSA-2024:9806
reference_id	RHSA-2024:9806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9806

fixed_packages

url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2@6.4.0

purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2@6.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hhuh-bj59-zbfm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2@6.4.0

aliases CVE-2024-51132, GHSA-4cf2-cxp3-rjr7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9ha-qzdq-xuaf

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2@5.6.104

Package Instance