Directory Traversal Vulnerability in HL7 FHIR Core Libraries by Smile CDR
CVE-2023-28465

7.5HIGH

Key Information:

Vendor: Hapifhir
Status: Hl7 Fhir Core
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-28465?

A directory traversal vulnerability exists in the package-decompression feature of the HL7 FHIR Core Libraries prior to version 5.6.106. This flaw enables attackers to copy arbitrary files to specified directories if an allowed directory name resembles a part of the directory name input by the attacker. This vulnerability is notably present due to the incomplete resolution of a previously reported issue, further highlighting the importance of thorough security assessments and updates.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.smilecdr.com/our-blog/statement-on-cve-2023-2...

https://www.smilecdr.com/our-blog

https://github.com/advisories/GHSA-9654-pr4f-gh6m

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Mar 15, 2023

JSON

Hapifhir

What is CVE-2023-28465?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.