Critical severity 9.8 · OSV Advisory · Published Nov 5, 2024 · Updated Apr 15, 2026
CVE-2024-51132
Description
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code by supplying a crafted request containing malicious XML entities.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) | < 6.4.0 | 6.4.0 |
| ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (Maven) | < 6.4.0 | 6.4.0 |
| ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) | < 6.4.0 | 6.4.0 |
| ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (Maven) | < 6.4.0 | 6.4.0 |
| ca.uhn.hapi.fhir:org.hl7.fhir.r4 (Maven) | < 6.4.0 | 6.4.0 |
| ca.uhn.hapi.fhir:org.hl7.fhir.r4b (Maven) | < 6.4.0 | 6.4.0 |
| ca.uhn.hapi.fhir:org.hl7.fhir.r5 (Maven) | < 6.4.0 | 6.4.0 |
| ca.uhn.hapi.fhir:org.hl7.fhir.utilities (Maven) | < 6.4.0 | 6.4.0 |
| ca.uhn.hapi.fhir:org.hl7.fhir.validation (Maven) | < 6.4.0 | 6.4.0 |
Affected products (10)
- Range: 1.1.67, 5.0.10, 5.0.11, …
- ghsa-coords (9 versions), range: < 6.4.0
  - pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.convertors
  - pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2
  - pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may
  - pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu3
  - pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r4
  - pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r4b
  - pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5
  - pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.utilities
  - pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.validation
- (no CPE) range: < 6.4.0
- (no CPE) range: < 6.4.0
- (no CPE) range: < 6.4.0
- (no CPE) range: < 6.4.0
- (no CPE) range: < 6.4.0
- (no CPE) range: < 6.4.0
- (no CPE) range: < 6.4.0
- (no CPE) range: < 6.4.0
- (no CPE) range: < 6.4.0
References (3)
News mentions (0): no linked articles in our index yet.