CVE-2021-32053

Name of the Vulnerable Software and Affected Versions: HAPI FHIR versions prior to 5.4.0

Description: The issue allows a user to deny service, for example, disable access to the database after the attack stops, via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many simultaneous history requests.

Recommendations: For versions prior to 5.4.0, update to version 5.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to history requests to minimize the risk of exploitation.