Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.3.23

Type maven

Namespace ca.uhn.hapi.fhir

Name org.hl7.fhir.dstu2016may

Version 6.3.23

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.9.0

Latest_non_vulnerable_version 6.9.7

Affected_by_vulnerabilities

url VCID-jzm7-u2yj-1kbd

vulnerability_id VCID-jzm7-u2yj-1kbd

summary HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers to subsequent hosts is a problem as this header often contains privacy sensitive information or data that could allow others to impersonate the client's request. This issue has been patched in release 6.9.0. No known workarounds are available.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33180

reference_id

reference_type

scores

value	0.00046
scoring_system	epss
scoring_elements	0.14674
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33180

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33180

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33180

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2449841
reference_id	2449841
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2449841

reference_url

https://github.com/advisories/GHSA-p7m9-v2cm-2h7m

reference_id

GHSA-p7m9-v2cm-2h7m

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p7m9-v2cm-2h7m

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m

reference_id

GHSA-p7m9-v2cm-2h7m

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:44:33Z/

url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m

fixed_packages

url	pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.9.0
purl	pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.9.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.9.0

aliases CVE-2026-33180, GHSA-p7m9-v2cm-2h7m

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzm7-u2yj-1kbd

url VCID-p5um-y43q-dkc5

vulnerability_id VCID-p5um-y43q-dkc5

summary HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( <!DOCTYPE foo [<!ENTITY example SYSTEM "/etc/passwd"> ]> could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This is related to GHSA-6cr6-ph3p-f5rf, in which its fix (#1571 & #1717) was incomplete. This issue has been addressed in release version 6.4.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52007.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52007.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52007

reference_id

reference_type

scores

value	0.00325
scoring_system	epss
scoring_elements	0.5588
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52007

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52007

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52007

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/issues/1571

reference_id

1571

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/

url

https://github.com/hapifhir/org.hl7.fhir.core/issues/1571

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/pull/1717

reference_id

1717

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/

url

https://github.com/hapifhir/org.hl7.fhir.core/pull/1717

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2324794
reference_id	2324794
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2324794

reference_url

https://cwe.mitre.org/data/definitions/611.html

reference_id

611.html

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/

url

https://cwe.mitre.org/data/definitions/611.html

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf

reference_id

GHSA-6cr6-ph3p-f5rf

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/

url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf

reference_url	https://github.com/advisories/GHSA-gr3c-q7xf-47vh
reference_id	GHSA-gr3c-q7xf-47vh
reference_type
scores
url	https://github.com/advisories/GHSA-gr3c-q7xf-47vh

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-gr3c-q7xf-47vh

reference_id

GHSA-gr3c-q7xf-47vh

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/

url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-gr3c-q7xf-47vh

reference_url	https://access.redhat.com/errata/RHSA-2024:9806
reference_id	RHSA-2024:9806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9806

reference_url

https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j

reference_id

XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/

url

https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j

fixed_packages

url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.4.0

purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jzm7-u2yj-1kbd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.4.0

aliases CVE-2024-52007, GHSA-gr3c-q7xf-47vh

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5um-y43q-dkc5

url VCID-shab-tnsy-cubv

vulnerability_id VCID-shab-tnsy-cubv

summary An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-51132

reference_id

reference_type

scores

value	0.07937
scoring_system	epss
scoring_elements	0.92238
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-51132

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-51132

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-51132

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2323897
reference_id	2323897
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2323897

reference_url

https://github.com/JAckLosingHeart/CVE-2024-51132-POC

reference_id

CVE-2024-51132-POC

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/

url

https://github.com/JAckLosingHeart/CVE-2024-51132-POC

reference_url	https://github.com/advisories/GHSA-4cf2-cxp3-rjr7
reference_id	GHSA-4cf2-cxp3-rjr7
reference_type
scores
url	https://github.com/advisories/GHSA-4cf2-cxp3-rjr7

reference_url

https://github.com/hapifhir/org.hl7.fhir.core

reference_id

org.hl7.fhir.core

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/

url

https://github.com/hapifhir/org.hl7.fhir.core

reference_url	https://access.redhat.com/errata/RHSA-2024:10035
reference_id	RHSA-2024:10035
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10035

reference_url	https://access.redhat.com/errata/RHSA-2024:9806
reference_id	RHSA-2024:9806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9806

fixed_packages

url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.4.0

purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jzm7-u2yj-1kbd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.4.0

aliases CVE-2024-51132, GHSA-4cf2-cxp3-rjr7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shab-tnsy-cubv

Fixing_vulnerabilities

url VCID-6e8r-kwzy-rub5

vulnerability_id VCID-6e8r-kwzy-rub5

summary The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This issue has been patched in release 6.3.23. No known workarounds are available.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45294.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45294.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45294

reference_id

reference_type

scores

value	0.00089
scoring_system	epss
scoring_elements	0.25353
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45294

reference_url

https://github.com/HL7/fhir-ig-publisher/releases/tag/1.6.22

reference_id

1.6.22

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/

url

https://github.com/HL7/fhir-ig-publisher/releases/tag/1.6.22

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2310447
reference_id	2310447
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2310447

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23

reference_id

6.3.23

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/

url

https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45294

reference_id

CVE-2024-45294

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45294

reference_url

https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5

reference_id

GHSA-59rq-22fm-x8q5

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/

url

https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5

reference_url

https://github.com/advisories/GHSA-6cr6-ph3p-f5rf

reference_id

GHSA-6cr6-ph3p-f5rf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6cr6-ph3p-f5rf

reference_url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf

reference_id

GHSA-6cr6-ph3p-f5rf

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/

url

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf

reference_url	https://access.redhat.com/errata/RHSA-2024:6883
reference_id	RHSA-2024:6883
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6883

reference_url	https://access.redhat.com/errata/RHSA-2024:7052
reference_id	RHSA-2024:7052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7052

reference_url	https://access.redhat.com/errata/RHSA-2024:8064
reference_id	RHSA-2024:8064
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8064

fixed_packages

url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.3.23

purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.3.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jzm7-u2yj-1kbd

vulnerability	VCID-p5um-y43q-dkc5

vulnerability	VCID-shab-tnsy-cubv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.3.23

aliases CVE-2024-45294, GHSA-6cr6-ph3p-f5rf

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6e8r-kwzy-rub5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.3.23

Package Instance