CVE-2024-51132: HAPI FHIR XML External Entity (XXE) vulnerability

November 5, 2024 (updated November 6, 2024)

An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.

References

github.com/JAckLosingHeart/CVE-2024-51132-POC
github.com/advisories/GHSA-4cf2-cxp3-rjr7
github.com/hapifhir/org.hl7.fhir.core
github.com/hapifhir/org.hl7.fhir.core/commit/7ede053a5fca50cc2802884c661a241d51703a67
nvd.nist.gov/vuln/detail/CVE-2024-51132

Code Behaviors & Features

Detect and mitigate CVE-2024-51132 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →