JAckLosingHeart/CVE-2024-51132-POC
CVE-2024-51132-POC

Vulnerability Type

XXE - XML External Entity Injection. The XXE vulnerability is present in multiple artifacts (modules) of the https://github.com/hapifhir/org.hl7.fhir.core/ repository, and can be further exploited for SSRF, information leakage, etc.
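As an added illustration (not code from this repository or from org.hl7.fhir.core, and not a claim about what the upstream fix does), the JAXP configuration that closes this class of bug, checked against a constructed FHIR-looking document carrying a DOCTYPE with an external entity. The feature URIs are the standard Xerces/JAXP ones; the file path in the sample is a placeholder.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXParseException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class XxeHardeningCheck {
    // Constructed sample: a Patient resource whose DOCTYPE declares an external entity.
    // The system id is a placeholder that does not exist; only the DOCTYPE shape matters.
    static final String SAMPLE =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE Patient [ <!ENTITY ext SYSTEM \"file:///placeholder-does-not-exist\"> ]>\n" +
        "<Patient xmlns=\"http://hl7.org/fhir\"><id value=\"&ext;\"/></Patient>";

    // Default JAXP factory: DTDs are processed and external entities are resolved.
    static DocumentBuilderFactory defaultFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    // Hardened factory: refuse any DOCTYPE, and disable external entities as a second layer.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Classifies what the parser did with the sample:
    //   REJECTED        - parser refused the DOCTYPE before touching any entity (hardened)
    //   FETCH_ATTEMPTED - parser tried to read the external resource (the XXE/SSRF vector)
    //   PARSED          - document accepted, entity content substituted
    static String outcome(DocumentBuilderFactory f) throws ParserConfigurationException {
        DocumentBuilder b = f.newDocumentBuilder();
        try {
            b.parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
            return "PARSED";
        } catch (SAXParseException e) {
            return "REJECTED";
        } catch (IOException | org.xml.sax.SAXException e) {
            return "FETCH_ATTEMPTED";
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default factory:  " + outcome(defaultFactory()));
        System.out.println("hardened factory: " + outcome(hardenedFactory()));
    }
}
```

Run it once against the parser configuration your own code builds: anything other than REJECTED means a DOCTYPE in attacker-supplied XML is still reaching the entity resolver.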

Affected Products and Versions

org.hl7.fhir.convertors < 6.4.0

org.hl7.fhir.dstu2 < 6.4.0

org.hl7.fhir.dstu2016may < 6.4.0

org.hl7.fhir.dstu3 < 6.4.0

org.hl7.fhir.r4 < 6.4.0

org.hl7.fhir.r4b < 6.4.0

org.hl7.fhir.r5 < 6.4.0

org.hl7.fhir.utilities < 6.4.0

org.hl7.fhir.validation < 6.4.0

Comment

Found one of the vulnerable places with my code analysis tool, probably on 10/19/2024. However, later I found there had been multiple commits by maintainers to fix the vulnerability, and they showed there were even more places with the same issue than I thought.

Reference

https://github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67