Vulnerabilities > Hapifhir > HL7 Fhir Core > 5.6.39
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-12 | CVE-2023-28465 | Path Traversal vulnerability in Hapifhir HL7 Fhir Core The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. | 7.5 |
2023-01-26 | CVE-2023-24057 | Path Traversal vulnerability in multiple products HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive). | 8.1 |