CVE-2024-51132

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-51132

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51132.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-51132

Aliases

GHSA-4cf2-cxp3-rjr7

Published

2024-11-05T17:15:07.310Z

Modified

2026-04-10T05:14:46.141349Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.

References

Affected packages

Git / github.com/hapifhir/org.hl7.fhir.core

Affected ranges

Type

GIT

Repo

https://github.com/hapifhir/org.hl7.fhir.core

Events

Introduced

Fixed

26c445c8fc841d5e73c4662391b970f4a2bcc805

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "v6.4.0"
        }
    ]
}

Affected versions

1.*

1.1.67

5.*

5.0.10

5.0.11

5.0.12

5.0.13

5.0.14

5.0.16

5.0.17

5.0.18

5.0.19

5.0.20

5.0.21

5.0.22

5.0.7

5.0.8

5.0.9

5.1.1

5.1.2

5.1.3

5.1.4

5.1.6

5.1.7

5.3.1

5.3.10

5.3.11

5.3.12

5.3.14

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.9

5.4.1

5.4.10

5.4.12

5.4.2

5.4.3

5.4.4

5.4.5

5.4.6

5.4.7

5.4.8

5.4.9

5.5.1

5.5.10

5.5.11

5.5.12

5.5.13

5.5.14

5.5.15

5.5.3

5.5.4

5.5.6

5.5.7

5.5.8

5.5.9

5.6.0

5.6.1

5.6.100

5.6.101

5.6.102

5.6.103

5.6.104

5.6.105

5.6.106

5.6.107

5.6.108

5.6.109

5.6.110

5.6.111

5.6.112

5.6.114

5.6.115

5.6.116

5.6.15

5.6.17

5.6.18

5.6.19

5.6.20

5.6.21

5.6.22

5.6.23

5.6.24

5.6.25

5.6.26

5.6.27

5.6.28

5.6.29

5.6.3

5.6.4

5.6.42

5.6.43

5.6.44

5.6.45

5.6.46

5.6.47

5.6.48

5.6.50

5.6.52

5.6.53

5.6.54

5.6.56

5.6.6

5.6.61

5.6.62

5.6.63

5.6.64

5.6.65

5.6.66

5.6.67

5.6.68

5.6.69

5.6.7

5.6.70

5.6.71

5.6.72

5.6.74

5.6.75

5.6.76

5.6.77

5.6.78

5.6.79

5.6.80

5.6.84

5.6.85

5.6.86

5.6.87

5.6.88

5.6.89

5.6.9

5.6.90

5.6.91

5.6.92

5.6.96

5.6.97

5.6.98

5.6.99

6.*

6.0.0

6.0.1

6.0.10

6.0.11

6.0.12

6.0.13

6.0.14

6.0.15

6.0.16

6.0.17

6.0.18

6.0.19

6.0.2

6.0.20

6.0.21

6.0.23

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.0.9

6.1.1

6.1.10

6.1.13

6.1.14

6.1.15

6.1.16

6.1.2

6.1.3

6.1.4

6.1.6

6.1.7

6.1.8

6.1.9

6.2.0

6.2.1

6.2.10

6.2.11

6.2.12

6.2.13

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.2.9

6.3.11

6.3.14

6.3.15

6.3.18

6.3.19

6.3.20

6.3.21

6.3.22

6.3.23

6.3.26

6.3.27

6.3.29

6.3.30

6.3.31

6.3.32

6.3.4

6.3.5

6.3.6

6.3.7

6.3.8

6.3.9

v5.*

v5.3.0

v5.4.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51132.json"