
GHSA-vpxm-cr3r-pjp9: General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches

January 30, 2025

We recently underwent penetration testing of OpenMRS by a third-party company. Vulnerabilities were found, and fixes have been made and released. Because these security updates include critical fixes, we strongly recommend upgrading affected modules.

This notice applies to all OpenMRS instances. The testers used the OpenMRS v3 Reference Application (O3 RefApp); however, their findings highlighted modules commonly used in older OpenMRS applications, including the O2 RefApp.

References

  • github.com/advisories/GHSA-vpxm-cr3r-pjp9
  • github.com/openmrs/openmrs-core
  • github.com/openmrs/openmrs-core/security/advisories/GHSA-vpxm-cr3r-pjp9

Affected versions

All versions before 2.6.11

Fixed versions

  • 2.6.11

Solution

Upgrade org.openmrs:openmrs to version 2.6.11 or later.
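A quick way to tell whether a build pulls in the affected range is to resolve the dependency version from the POM and compare it against 2.6.11. The Python below is an added example written for this page, not code from the OpenMRS project or from GitLab's scanner; it uses the Maven coordinates and fixed version stated above, treats any qualified version such as 2.6.11-SNAPSHOT as ordering before the 2.6.11 release (as Maven does), and scans a constructed sample POM rather than any real module's build file.

```python
import re
import xml.etree.ElementTree as ET
from typing import List, Tuple

# Coordinates and fixed version as listed on this advisory page.
AFFECTED_ARTIFACT = "org.openmrs:openmrs"
FIXED_VERSION = "2.6.11"

POM_NS = "http://maven.apache.org/POM/4.0.0"
NS = {"m": POM_NS}


def parse_version(v: str) -> Tuple[Tuple[int, ...], int]:
    """Split 'MAJOR.MINOR.PATCH[-QUALIFIER]' into numeric parts plus a release flag.

    A qualified version such as 2.6.11-SNAPSHOT sorts before the 2.6.11 release,
    which matches Maven's ordering of a qualifier against a plain release.
    Assumption: only 'has a qualifier' versus 'is a release' is distinguished.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[-.]([0-9A-Za-z]+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))          # 2.6 -> 2.6.0
    is_release = 1 if m.group(2) is None else 0
    return nums, is_release


def is_affected(version: str) -> bool:
    """True when the version falls in the advisory's affected range (before 2.6.11)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def scan_pom(pom_xml: str) -> List[Tuple[str, str]]:
    """Return (artifactId, resolved version) for every affected dependency in a POM.

    Resolves versions written as ${property} from the same POM's <properties>.
    Assumption: the POM declares the standard Maven namespace.
    """
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    findings = []
    for dep in root.iter(f"{{{POM_NS}}}dependency"):
        group = dep.findtext("m:groupId", default="", namespaces=NS)
        artifact = dep.findtext("m:artifactId", default="", namespaces=NS)
        version = dep.findtext("m:version", default="", namespaces=NS)
        version = re.sub(r"\$\{([^}]+)\}",
                         lambda mm: props.get(mm.group(1), mm.group(0)), version)
        if f"{group}:{artifact}" == AFFECTED_ARTIFACT and version and is_affected(version):
            findings.append((artifact, version))
    return findings


# Constructed sample POM (not from any real OpenMRS module) whose
# property-resolved version sits inside the affected range.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <openmrsVersion>2.6.10</openmrsVersion>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.openmrs</groupId>
      <artifactId>openmrs</artifactId>
      <version>${openmrsVersion}</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>unrelated</artifactId>
      <version>1.0.0</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for artifact, version in scan_pom(SAMPLE_POM):
        print(f"{AFFECTED_ARTIFACT} {version} is affected by GHSA-vpxm-cr3r-pjp9; "
              f"upgrade to {FIXED_VERSION} or later")
```

Versions inherited from a parent POM or a BOM are not resolved here; for those, run the check over the output of `mvn dependency:list` instead of the raw POM.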

Weakness

  • CWE-209: Generation of Error Message Containing Sensitive Information
  • CWE-284: Improper Access Control
  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
  • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
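Two of the weakness classes above can be verified cheaply against a patched instance from its HTTP responses: session cookies should be set with the Secure attribute (and HttpOnly), and error pages should no longer echo stack traces. The Python below is an added example written for this page, not OpenMRS project code; the headers and error bodies it inspects are constructed samples, and the cookie names and paths are placeholders, because the advisory does not name the affected cookies or endpoints. No open-redirect check (CWE-601) is included for the same reason: it would need the affected parameter names, which the advisory does not give.

```python
import re
from typing import List

# Attributes a cookie should carry when the application is served over HTTPS.
# The Secure attribute is the one CWE-614 is about; HttpOnly is checked alongside it.
REQUIRED_COOKIE_ATTRS = ("Secure", "HttpOnly")

# A Java-style stack frame following an exception line, e.g.
# "java.lang.NullPointerException: null\n\tat org.example.Foo.bar(Foo.java:42)".
STACK_TRACE = re.compile(r"(?:Exception|Error)\b[^\n]*\n\s*at [\w$.]+\(")


def check_set_cookie(header_lines: List[str]) -> List[str]:
    """Report each Set-Cookie header that lacks a required attribute."""
    findings = []
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0].strip()
        present = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        for attr in REQUIRED_COOKIE_ATTRS:
            if attr.lower() not in present:
                findings.append(f"{cookie_name}: missing {attr}")
    return findings


def leaks_stack_trace(body: str) -> bool:
    """True when an error page echoes an exception with stack frames (CWE-209)."""
    return STACK_TRACE.search(body) is not None


# Constructed sample responses; cookie names and values are placeholders.
SAMPLE_HEADERS = [
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "Set-Cookie: session=abc123; Path=/; HttpOnly",
    "Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax",
]
SAMPLE_VERBOSE_ERROR = ("<html><body><pre>java.lang.NullPointerException: null\n"
                        "\tat org.example.Foo.bar(Foo.java:42)\n</pre></body></html>")
SAMPLE_TERSE_ERROR = "<html><body>An error occurred. Reference: 8f3a</body></html>"

if __name__ == "__main__":
    for finding in check_set_cookie(SAMPLE_HEADERS):
        print("cookie:", finding)
    for label, body in (("verbose", SAMPLE_VERBOSE_ERROR), ("terse", SAMPLE_TERSE_ERROR)):
        print(f"{label} error page leaks stack trace: {leaks_stack_trace(body)}")
```

Feed `check_set_cookie` the header lines of a real response (for example from `curl -i` against the login endpoint) and `leaks_stack_trace` the body of a deliberately malformed request; both should come back clean once the fixed version is deployed and the proxy or container is configured to mark cookies Secure.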

Source file

maven/org.openmrs/openmrs/GHSA-vpxm-cr3r-pjp9.yml

Page generated Wed, 14 May 2025 12:15:06 +0000.