VYPR

Maven package

org.openmrs.web/openmrs-web

pkg:maven/org.openmrs.web/openmrs-web

Vulnerabilities (2)

  • CVE-2026-40076HigMay 6, 2026
    affected <= 2.7.8

    OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/module` is vulnerable to a Zip Slip path traversal attack. During automatic extraction

  • CVE-2026-40075HigMay 5, 2026
    affected <= 2.7.8

    OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesyste