Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@5.6.7
Typemaven
Namespaceca.uhn.hapi.fhir
Nameorg.hl7.fhir.dstu2016may
Version5.6.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.4.0
Latest_non_vulnerable_version6.9.7
Affected_by_vulnerabilities
0
url VCID-6e8r-kwzy-rub5
vulnerability_id VCID-6e8r-kwzy-rub5
summary The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This issue has been patched in release 6.3.23. No known workarounds are available.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45294.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45294.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45294
reference_id
reference_type
scores
0
value 0.00089
scoring_system epss
scoring_elements 0.25353
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45294
2
reference_url https://github.com/HL7/fhir-ig-publisher/releases/tag/1.6.22
reference_id 1.6.22
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/
url https://github.com/HL7/fhir-ig-publisher/releases/tag/1.6.22
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2310447
reference_id 2310447
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2310447
4
reference_url https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23
reference_id 6.3.23
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/
url https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45294
reference_id CVE-2024-45294
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45294
6
reference_url https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5
reference_id GHSA-59rq-22fm-x8q5
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/
url https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5
7
reference_url https://github.com/advisories/GHSA-6cr6-ph3p-f5rf
reference_id GHSA-6cr6-ph3p-f5rf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6cr6-ph3p-f5rf
8
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
reference_id GHSA-6cr6-ph3p-f5rf
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T16:15:37Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
9
reference_url https://access.redhat.com/errata/RHSA-2024:6883
reference_id RHSA-2024:6883
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6883
10
reference_url https://access.redhat.com/errata/RHSA-2024:7052
reference_id RHSA-2024:7052
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7052
11
reference_url https://access.redhat.com/errata/RHSA-2024:8064
reference_id RHSA-2024:8064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8064
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.3.23
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.3.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p5um-y43q-dkc5
1
vulnerability VCID-shab-tnsy-cubv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.3.23
aliases CVE-2024-45294, GHSA-6cr6-ph3p-f5rf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6e8r-kwzy-rub5
1
url VCID-p5um-y43q-dkc5
vulnerability_id VCID-p5um-y43q-dkc5
summary HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( <!DOCTYPE foo [<!ENTITY example SYSTEM "/etc/passwd"> ]> could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This is related to GHSA-6cr6-ph3p-f5rf, in which its fix (#1571 & #1717) was incomplete. This issue has been addressed in release version 6.4.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52007.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52007.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52007
reference_id
reference_type
scores
0
value 0.00325
scoring_system epss
scoring_elements 0.5588
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52007
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52007
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52007
3
reference_url https://github.com/hapifhir/org.hl7.fhir.core/issues/1571
reference_id 1571
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://github.com/hapifhir/org.hl7.fhir.core/issues/1571
4
reference_url https://github.com/hapifhir/org.hl7.fhir.core/pull/1717
reference_id 1717
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://github.com/hapifhir/org.hl7.fhir.core/pull/1717
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2324794
reference_id 2324794
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2324794
6
reference_url https://cwe.mitre.org/data/definitions/611.html
reference_id 611.html
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://cwe.mitre.org/data/definitions/611.html
7
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
reference_id GHSA-6cr6-ph3p-f5rf
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
8
reference_url https://github.com/advisories/GHSA-gr3c-q7xf-47vh
reference_id GHSA-gr3c-q7xf-47vh
reference_type
scores
url https://github.com/advisories/GHSA-gr3c-q7xf-47vh
9
reference_url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-gr3c-q7xf-47vh
reference_id GHSA-gr3c-q7xf-47vh
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-gr3c-q7xf-47vh
10
reference_url https://access.redhat.com/errata/RHSA-2024:9806
reference_id RHSA-2024:9806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9806
11
reference_url https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j
reference_id XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T16:07:55Z/
url https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.4.0
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.4.0
aliases CVE-2024-52007, GHSA-gr3c-q7xf-47vh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5um-y43q-dkc5
2
url VCID-shab-tnsy-cubv
vulnerability_id VCID-shab-tnsy-cubv
summary An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51132.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51132
reference_id
reference_type
scores
0
value 0.07937
scoring_system epss
scoring_elements 0.92238
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51132
2
reference_url https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51132
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51132
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2323897
reference_id 2323897
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2323897
5
reference_url https://github.com/JAckLosingHeart/CVE-2024-51132-POC
reference_id CVE-2024-51132-POC
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/
url https://github.com/JAckLosingHeart/CVE-2024-51132-POC
6
reference_url https://github.com/advisories/GHSA-4cf2-cxp3-rjr7
reference_id GHSA-4cf2-cxp3-rjr7
reference_type
scores
url https://github.com/advisories/GHSA-4cf2-cxp3-rjr7
7
reference_url https://github.com/hapifhir/org.hl7.fhir.core
reference_id org.hl7.fhir.core
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:21:58Z/
url https://github.com/hapifhir/org.hl7.fhir.core
8
reference_url https://access.redhat.com/errata/RHSA-2024:10035
reference_id RHSA-2024:10035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10035
9
reference_url https://access.redhat.com/errata/RHSA-2024:9806
reference_id RHSA-2024:9806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9806
fixed_packages
0
url pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.4.0
purl pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@6.4.0
aliases CVE-2024-51132, GHSA-4cf2-cxp3-rjr7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shab-tnsy-cubv
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may@5.6.7