Fhir

fhir

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Hapi Fhir

hapi_fhir

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-32053 1Fhir 1Hapi Fhir Nov 21, 2024 May 10, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full...Show more JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many simultaneous history requests.Show less
CVE-2019-12741 1Fhir 1Hapi Fhir Nov 21, 2024 Jun 5, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensiti...Show more XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems so the attack surface is expected to be low, but affected systems are recommended to upgrade immediately.)Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-32053

1Fhir

1Hapi Fhir

Nov 21, 2024

May 10, 2021

N/A· v4

5.3 MEDIUM· v3

5.0 MEDIUM· v2

JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many simultaneous history requests.Show less

CVE-2019-12741

1Fhir

1Hapi Fhir

Nov 21, 2024

Jun 5, 2019

N/A· v4

6.1 MEDIUM· v3

4.3 MEDIUM· v2

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems so the attack surface is expected to be low, but affected systems are recommended to upgrade immediately.)Show less