VYPR
Moderate severityNVD Advisory· Published May 10, 2021· Updated Aug 3, 2024

CVE-2021-32053

CVE-2021-32053

Description

JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many simultaneous history requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ca.uhn.hapi.fhir:hapi-fhir-jpaserver-baseMaven
< 5.4.05.4.0

Affected products

1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.