Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@5.3.1
Typemaven
Namespaceca.uhn.hapi.fhir
Nameorg.hl7.fhir.utilities
Version5.3.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.9.4
Latest_non_vulnerable_version6.9.4
Affected_by_vulnerabilities
0
url VCID-6e8r-kwzy-rub5
vulnerability_id VCID-6e8r-kwzy-rub5
summary The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This issue has been patched in release 6.3.23. No known workarounds are available.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45294.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45294.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45294
reference_id
reference_type
scores
0
value 0.00089
scoring_system epss
scoring_elements 0.25554
published_at 2026-06-14T12:55:00Z
1
value 0.00089
scoring_system epss
scoring_elements 0.2557
published_at 2026-06-13T12:55:00Z
2
value 0.00089
scoring_system epss
scoring_elements 0.25551
published_at 2026-06-12T12:55:00Z
3
value 0.00089
scoring_system epss
scoring_elements 0.25353
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45294
2
reference_url https://github.com/HL7/fhir-ig-publisher/releases/tag/1.6.22
reference_id 1.6.22
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/
url https://github.com/HL7/fhir-ig-publisher/releases/tag/1.6.22
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2310447
reference_id 2310447
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2310447
4
reference_url https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23
reference_id 6.3.23
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/
url https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45294
reference_id CVE-2024-45294
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45294
6
reference_url https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5
reference_id GHSA-59rq-22fm-x8q5
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/
url https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5
7
reference_url https://github.com/advisories/GHSA-6cr6-ph3p-f5rf
reference_id GHSA-6cr6-ph3p-f5rf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6cr6-ph3p-f5rf
8
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
reference_id GHSA-6cr6-ph3p-f5rf
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
9
reference_url https://access.redhat.com/errata/RHSA-2024:6883
reference_id RHSA-2024:6883
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6883
10
reference_url https://access.redhat.com/errata/RHSA-2024:7052
reference_id RHSA-2024:7052
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7052
11
reference_url https://access.redhat.com/errata/RHSA-2024:8064
reference_id RHSA-2024:8064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8064
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.3.23
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.3.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8m3g-sqf9-mube
1
vulnerability VCID-jzm7-u2yj-1kbd
2
vulnerability VCID-p5um-y43q-dkc5
3
vulnerability VCID-shab-tnsy-cubv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.3.23
aliases CVE-2024-45294, GHSA-6cr6-ph3p-f5rf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6e8r-kwzy-rub5
1
url VCID-8m3g-sqf9-mube
vulnerability_id VCID-8m3g-sqf9-mube
summary HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer() uses String.startsWith() to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs (e.g., http://tx.fhir.org) lack a trailing slash or host boundary check, an attacker-controlled domain like http://tx.fhir.org.attacker.com matches the prefix and receives Bearer tokens, Basic auth credentials, or API keys when the HTTP client follows a redirect to that domain. This issue has been patched in version 6.9.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34359
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10763
published_at 2026-06-14T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.10736
published_at 2026-06-11T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10794
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34359
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34359
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34359
2
reference_url https://github.com/advisories/GHSA-fgv2-4q4g-wc35
reference_id GHSA-fgv2-4q4g-wc35
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fgv2-4q4g-wc35
3
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-fgv2-4q4g-wc35
reference_id GHSA-fgv2-4q4g-wc35
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:23Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-fgv2-4q4g-wc35
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.9.4
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.9.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.9.4
aliases CVE-2026-34359, GHSA-fgv2-4q4g-wc35
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8m3g-sqf9-mube
2
url VCID-jzm7-u2yj-1kbd
vulnerability_id VCID-jzm7-u2yj-1kbd
summary HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers to subsequent hosts is a problem as this header often contains privacy sensitive information or data that could allow others to impersonate the client's request. This issue has been patched in release 6.9.0. No known workarounds are available.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33180
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14764
published_at 2026-06-14T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14793
published_at 2026-06-13T12:55:00Z
2
value 0.00046
scoring_system epss
scoring_elements 0.14674
published_at 2026-06-11T12:55:00Z
3
value 0.00046
scoring_system epss
scoring_elements 0.14794
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33180
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33180
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33180
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2449841
reference_id 2449841
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2449841
4
reference_url https://github.com/advisories/GHSA-p7m9-v2cm-2h7m
reference_id GHSA-p7m9-v2cm-2h7m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p7m9-v2cm-2h7m
5
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m
reference_id GHSA-p7m9-v2cm-2h7m
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:44:33Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.9.0
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8m3g-sqf9-mube
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.9.0
aliases CVE-2026-33180, GHSA-p7m9-v2cm-2h7m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzm7-u2yj-1kbd
3
url VCID-np8k-exy7-p7gy
vulnerability_id VCID-np8k-exy7-p7gy
summary HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24057
reference_id
reference_type
scores
0
value 0.00688
scoring_system epss
scoring_elements 0.72311
published_at 2026-06-13T12:55:00Z
1
value 0.00688
scoring_system epss
scoring_elements 0.72305
published_at 2026-06-14T12:55:00Z
2
value 0.00688
scoring_system epss
scoring_elements 0.72215
published_at 2026-06-11T12:55:00Z
3
value 0.00688
scoring_system epss
scoring_elements 0.72297
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24057
1
reference_url https://github.com/hapifhir/org.hl7.fhir.core/commit/b50aec59124416b7315a49220cfc3999223414cc
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/commit/b50aec59124416b7315a49220cfc3999223414cc
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-jqh6-9574-5x22
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-jqh6-9574-5x22
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24057
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24057
4
reference_url https://github.com/advisories/GHSA-jqh6-9574-5x22
reference_id GHSA-jqh6-9574-5x22
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jqh6-9574-5x22
5
reference_url https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjg
reference_id GHSA-xr8x-pxm6-prjg
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-01T19:25:38Z/
url https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjg
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@5.6.92
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@5.6.92
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6e8r-kwzy-rub5
1
vulnerability VCID-8m3g-sqf9-mube
2
vulnerability VCID-jzm7-u2yj-1kbd
3
vulnerability VCID-p5um-y43q-dkc5
4
vulnerability VCID-shab-tnsy-cubv
5
vulnerability VCID-xw7v-4aeh-9ybt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@5.6.92
aliases CVE-2023-24057, GHSA-jqh6-9574-5x22, GMS-2023-96
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-np8k-exy7-p7gy
4
url VCID-p5um-y43q-dkc5
vulnerability_id VCID-p5um-y43q-dkc5
summary HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( <!DOCTYPE foo [<!ENTITY example SYSTEM "/etc/passwd"> ]> could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This is related to GHSA-6cr6-ph3p-f5rf, in which its fix (#1571 & #1717) was incomplete. This issue has been addressed in release version 6.4.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52007.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52007.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52007
reference_id
reference_type
scores
0
value 0.00325
scoring_system epss
scoring_elements 0.56003
published_at 2026-06-14T12:55:00Z
1
value 0.00325
scoring_system epss
scoring_elements 0.56016
published_at 2026-06-13T12:55:00Z
2
value 0.00325
scoring_system epss
scoring_elements 0.56001
published_at 2026-06-12T12:55:00Z
3
value 0.00325
scoring_system epss
scoring_elements 0.5588
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52007
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52007
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52007
3
reference_url https://github.com/hapifhir/org.hl7.fhir.core/issues/1571
reference_id 1571
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://github.com/hapifhir/org.hl7.fhir.core/issues/1571
4
reference_url https://github.com/hapifhir/org.hl7.fhir.core/pull/1717
reference_id 1717
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://github.com/hapifhir/org.hl7.fhir.core/pull/1717
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2324794
reference_id 2324794
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2324794
6
reference_url https://cwe.mitre.org/data/definitions/611.html
reference_id 611.html
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://cwe.mitre.org/data/definitions/611.html
7
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
reference_id GHSA-6cr6-ph3p-f5rf
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
8
reference_url https://github.com/advisories/GHSA-gr3c-q7xf-47vh
reference_id GHSA-gr3c-q7xf-47vh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gr3c-q7xf-47vh
9
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-gr3c-q7xf-47vh
reference_id GHSA-gr3c-q7xf-47vh
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-gr3c-q7xf-47vh
10
reference_url https://access.redhat.com/errata/RHSA-2024:9806
reference_id RHSA-2024:9806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9806
11
reference_url https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j
reference_id XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.4.0
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8m3g-sqf9-mube
1
vulnerability VCID-jzm7-u2yj-1kbd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.4.0
aliases CVE-2024-52007, GHSA-gr3c-q7xf-47vh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5um-y43q-dkc5
5
url VCID-shab-tnsy-cubv
vulnerability_id VCID-shab-tnsy-cubv
summary An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51132
reference_id
reference_type
scores
0
value 0.07937
scoring_system epss
scoring_elements 0.9227
published_at 2026-06-14T12:55:00Z
1
value 0.07937
scoring_system epss
scoring_elements 0.92265
published_at 2026-06-12T12:55:00Z
2
value 0.07937
scoring_system epss
scoring_elements 0.92238
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51132
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51132
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51132
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2323897
reference_id 2323897
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2323897
5
reference_url https://github.com/JAckLosingHeart/CVE-2024-51132-POC
reference_id CVE-2024-51132-POC
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/
url https://github.com/JAckLosingHeart/CVE-2024-51132-POC
6
reference_url https://github.com/advisories/GHSA-4cf2-cxp3-rjr7
reference_id GHSA-4cf2-cxp3-rjr7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4cf2-cxp3-rjr7
7
reference_url https://github.com/hapifhir/org.hl7.fhir.core
reference_id org.hl7.fhir.core
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/
url https://github.com/hapifhir/org.hl7.fhir.core
8
reference_url https://access.redhat.com/errata/RHSA-2024:10035
reference_id RHSA-2024:10035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10035
9
reference_url https://access.redhat.com/errata/RHSA-2024:9806
reference_id RHSA-2024:9806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9806
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.4.0
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8m3g-sqf9-mube
1
vulnerability VCID-jzm7-u2yj-1kbd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@6.4.0
aliases CVE-2024-51132, GHSA-4cf2-cxp3-rjr7
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shab-tnsy-cubv
6
url VCID-xw7v-4aeh-9ybt
vulnerability_id VCID-xw7v-4aeh-9ybt
summary The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28465
reference_id
reference_type
scores
0
value 0.00737
scoring_system epss
scoring_elements 0.73295
published_at 2026-06-11T12:55:00Z
1
value 0.00737
scoring_system epss
scoring_elements 0.73384
published_at 2026-06-14T12:55:00Z
2
value 0.00737
scoring_system epss
scoring_elements 0.73386
published_at 2026-06-13T12:55:00Z
3
value 0.00737
scoring_system epss
scoring_elements 0.73371
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28465
1
reference_url https://github.com/hapifhir/org.hl7.fhir.core/blob/b0daf666725fa14476d147522155af1e81922aac/org.hl7.fhir.r4b/src/main/java/org/hl7/fhir/r4b/terminologies/TerminologyCacheManager.java#L99-L105
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/blob/b0daf666725fa14476d147522155af1e81922aac/org.hl7.fhir.r4b/src/main/java/org/hl7/fhir/r4b/terminologies/TerminologyCacheManager.java#L99-L105
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core/pull/1162
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/pull/1162
3
reference_url https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/5.6.106
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/5.6.106
4
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-9654-pr4f-gh6m
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-9654-pr4f-gh6m
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28465
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28465
6
reference_url https://github.com/advisories/GHSA-9654-pr4f-gh6m
reference_id GHSA-9654-pr4f-gh6m
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:31:13Z/
url https://github.com/advisories/GHSA-9654-pr4f-gh6m
7
reference_url https://www.smilecdr.com/our-blog
reference_id our-blog
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:31:13Z/
url https://www.smilecdr.com/our-blog
8
reference_url https://www.smilecdr.com/our-blog/statement-on-cve-2023-24057-smile-digital-health
reference_id statement-on-cve-2023-24057-smile-digital-health
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:31:13Z/
url https://www.smilecdr.com/our-blog/statement-on-cve-2023-24057-smile-digital-health
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@5.6.106
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@5.6.106
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6e8r-kwzy-rub5
1
vulnerability VCID-8m3g-sqf9-mube
2
vulnerability VCID-jzm7-u2yj-1kbd
3
vulnerability VCID-p5um-y43q-dkc5
4
vulnerability VCID-shab-tnsy-cubv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@5.6.106
aliases CVE-2023-28465, GHSA-9654-pr4f-gh6m, GMS-2023-707, GMS-2023-708, GMS-2023-709, GMS-2023-710, GMS-2023-711, GMS-2023-712
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xw7v-4aeh-9ybt
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities@5.3.1