Maven package
org.hl7.fhir.publisher/org.hl7.fhir.publisher.core
pkg:maven/org.hl7.fhir.publisher/org.hl7.fhir.publisher.core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-24363 | Med | 4.2 | < 1.8.9 | 1.8.9 | Jan 24, 2025 | The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses | |
| CVE-2024-52807 | Hig | 8.6 | < 1.7.4 | 1.7.4 | Jan 24, 2025 | The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce |
- affected < 1.8.9fixed 1.8.9
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses
- affected < 1.7.4fixed 1.7.4
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce