Describe the bug
There are vulnerabilities reported in HAPI FHIR like CVE-2024-45294, CVE-2024-51132, CVE-2024-52007.
To Reproduce
As per the above CVEs, it can be exploited via "External XML Entity Injections".
Environment (please complete the following information):
HAPI FHIR Version: 6.4.0
Additional context
In our application, all access to the FHIR store/server is restricted from direct access. Access to the FHIR store/server is only via our microservice APIs. Since our MS APIs have a defined request object, which is also validated before triggering the FHIR query to retrieve the data, there is no scope for the occurrence of an “External XML Entity Injections” attack.
Please let us know: does this vulnerability expose our application in any other way?