CVE-2025-24363
- EPSS 0.04%
- Veröffentlicht 24.01.2025 19:15:13
- Zuletzt bearbeitet 24.01.2025 19:15:13
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwi...
CVE-2024-52807
- EPSS 0.03%
- Veröffentlicht 24.01.2025 19:15:12
- Zuletzt bearbeitet 29.01.2026 00:16:05
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious...
CVE-2023-24057
- EPSS 0.93%
- Veröffentlicht 26.01.2023 21:18:15
- Zuletzt bearbeitet 01.04.2025 20:15:16
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).