Maven package

ca.uhn.hapi.fhir/org.hl7.fhir.dstu2

pkg:maven/ca.uhn.hapi.fhir/org.hl7.fhir.dstu2

Vulnerabilities (3)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-55470	hig	—	< 6.9.10	6.9.10	Jun 17, 2026	## Summary The fix for CVE-2026-45367 added `RegexTimeout` protection to the `matches()` function in DSTU2016MAY, DSTU3, R4, R4B, and R5, but the DSTU2 module was incompletely patched. In `org.hl7.fhir.dstu2`, `replaceMatches()` was updated while `matches()` at line 2462 still ca
CVE-2026-33180	Hig	7.5	< 6.9.0	6.9.0	Mar 20, 2026	HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirec
CVE-2024-51132	Cri	9.8	< 6.4.0	6.4.0	Nov 5, 2024	An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.

CVE-2026-55470higJun 17, 2026
affected < 6.9.10fixed 6.9.10
## Summary The fix for CVE-2026-45367 added `RegexTimeout` protection to the `matches()` function in DSTU2016MAY, DSTU3, R4, R4B, and R5, but the DSTU2 module was incompletely patched. In `org.hl7.fhir.dstu2`, `replaceMatches()` was updated while `matches()` at line 2462 still ca
CVE-2026-33180HigMar 20, 2026
affected < 6.9.0fixed 6.9.0
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirec
CVE-2024-51132CriNov 5, 2024
affected < 6.4.0fixed 6.4.0
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.