PT-2024-34533 · Hapi Fhir · Hapi Fhir
Jacklosingheart · Published 2024-11-02 · Updated 2024-11-06
CVE-2024-51132
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
HAPI FHIR versions prior to 6.4.0
Description:
HAPI FHIR is affected by an XML External Entity (XXE) vulnerability: an attacker who supplies a crafted request containing malicious XML entity declarations can access sensitive information or execute arbitrary code.
Recommendations:
For versions prior to 6.4.0, update to version 6.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of external XML entities to minimize the risk of exploitation.
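A hardened StAX parser configuration of the kind the workaround describes, added here as an example (it is not HAPI FHIR's own code): it disables DTD support and external entity resolution on javax.xml.stream.XMLInputFactory and checks that a constructed FHIR-like document declaring an external entity is rejected instead of resolved. The sample XML and its placeholder URL are constructed for this example and assume a JDK StAX implementation.

```java
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.StringReader;

public class HardenedXmlCheck {

    // Constructed sample (not a real request): a Patient resource whose DTD declares
    // an external entity. The URL is a placeholder and is never fetched by a hardened parser.
    static final String UNTRUSTED_XML =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE Patient [<!ENTITY ext SYSTEM \"http://example.invalid/entity.xml\">]>\n"
      + "<Patient xmlns=\"http://hl7.org/fhir\"><id value=\"&ext;\"/></Patient>";

    /** Factory with DTD processing and external entity resolution switched off. */
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    /**
     * Returns the value attribute of the first <id> element, or null when the parser
     * rejects the document. A hardened factory must never return resolved external content.
     */
    static String parseIdValue(XMLInputFactory factory, String xml) {
        try {
            XMLStreamReader r = factory.createXMLStreamReader(new StringReader(xml));
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.START_ELEMENT
                        && "id".equals(r.getLocalName())) {
                    return r.getAttributeValue(null, "value");
                }
            }
            return null;
        } catch (XMLStreamException e) {
            // Expected with the hardened factory: the DOCTYPE / undeclared entity is refused.
            System.err.println("Rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        String id = parseIdValue(hardenedFactory(), UNTRUSTED_XML);
        System.out.println("hardened parser returned: " + id);
    }
}
```

Apply the same two properties to every XMLInputFactory that handles client-supplied FHIR XML until the upgrade to 6.4.0 is in place.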
Tags: Exploit · Fix · XXE · Open Redirect
Affected Products: Hapi Fhir