Moderate severityNVD Advisory· Published May 10, 2021· Updated Aug 3, 2024
CVE-2021-32053
CVE-2021-32053
Description
JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many simultaneous history requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ca.uhn.hapi.fhir:hapi-fhir-jpaserver-baseMaven | < 5.4.0 | 5.4.0 |
Affected products
1Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-67f6-c8mx-4q2mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-32053ghsaADVISORY
- github.com/hapifhir/hapi-fhir/issues/2641ghsax_refsource_MISCWEB
- github.com/hapifhir/hapi-fhir/pull/2642ghsax_refsource_MISCWEB
- hapifhir.ioghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.