CVE-2023-24057: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).
References
- github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjg
- github.com/advisories/GHSA-jqh6-9574-5x22
- github.com/hapifhir/org.hl7.fhir.core/commit/b50aec59124416b7315a49220cfc3999223414cc
- github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-jqh6-9574-5x22
- nvd.nist.gov/vuln/detail/CVE-2023-24057