Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05NjU0LXByNGYtZ2g2bc4AAyDc
HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057
Impact
Zip Slip protections implemented in CVE-2023-24057 (GHSA-jqh6-9574-5x22) can be bypassed due a partial path traversal vulnerability.
This issue allows a malicious actor to potentially break out of the TerminologyCacheManager cache directory. The impact is limited to sibling directories.
To demonstrate the vulnerability, consider userControlled.getCanonicalPath().startsWith("/usr/out") will allow an attacker to access a directory with a name like /usr/outnot.
Why?
To demonstrate this vulnerability, consider "/usr/outnot".startsWith("/usr/out").
The check is bypassed although /outnot is not under the /out directory.
It's important to understand that the terminating slash may be removed when using various String representations of the File object.
For example, on Linux, println(new File("/var")) will print /var, but println(new File("/var", "/") will print /var/;
however, println(new File("/var", "/").getCanonicalPath()) will print /var.
The Fix
Comparing paths with the java.nio.files.Path#startsWith will adequately protect againts this vulnerability.
For example: file.getCanonicalFile().toPath().startsWith(BASE_DIRECTORY) or file.getCanonicalFile().toPath().startsWith(BASE_DIRECTORY_FILE.getCanonicalFile().toPath())
Other Examples
- CVE-2022-31159 - aws/aws-sdk-java
- CVE-2022-23457 - ESAPI/esapi-java-legacy
Vulnerability
While getAbsolutePath will return a normalized path, because the string path is not slash terminated, the guard can be bypassed to write the contents of the Zip file to a sibling directory of the cache directory.
Patches
All org.hl7.fhir.core libraries should be updated to 5.6.106.
Workarounds
Unknown
References
Permalink: https://github.com/advisories/GHSA-9654-pr4f-gh6mJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05NjU0LXByNGYtZ2g2bc4AAyDc
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 5 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-9654-pr4f-gh6m, CVE-2023-28465
References:
- https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-9654-pr4f-gh6m
- https://github.com/hapifhir/org.hl7.fhir.core/blob/b0daf666725fa14476d147522155af1e81922aac/org.hl7.fhir.r4b/src/main/java/org/hl7/fhir/r4b/terminologies/TerminologyCacheManager.java#L99-L105
- https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/5.6.106
- https://github.com/hapifhir/org.hl7.fhir.core/pull/1162
- https://nvd.nist.gov/vuln/detail/CVE-2023-28465
- https://github.com/advisories/GHSA-9654-pr4f-gh6m
- https://www.smilecdr.com/our-blog/statement-on-cve-2023-24057-smile-digital-health
- https://www.smilecdr.com/our-blog
Blast Radius: 14.2
Affected Packages
maven:ca.uhn.hapi.fhir:org.hl7.fhir.validation
Dependent packages: 9Dependent repositories: 53
Downloads:
Affected Version Ranges: < 5.6.106
Fixed in: 5.6.106
All affected versions: 0.0.1, 0.0.2, 0.0.14, 0.1.18, 1.0.0, 1.1.67, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0, 4.2.0, 5.0.0, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.0.22, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.2.0, 5.2.1, 5.2.3, 5.2.4, 5.2.5, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.16, 5.2.18, 5.2.19, 5.2.20, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.14, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.6, 5.5.7, 5.5.8, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.9, 5.6.12, 5.6.13, 5.6.15, 5.6.17, 5.6.18, 5.6.19, 5.6.20, 5.6.21, 5.6.22, 5.6.23, 5.6.24, 5.6.25, 5.6.26, 5.6.27, 5.6.28, 5.6.29, 5.6.30, 5.6.31, 5.6.32, 5.6.33, 5.6.34, 5.6.35, 5.6.36, 5.6.37, 5.6.38, 5.6.39, 5.6.40, 5.6.41, 5.6.42, 5.6.43, 5.6.44, 5.6.45, 5.6.46, 5.6.47, 5.6.48, 5.6.50, 5.6.51, 5.6.52, 5.6.53, 5.6.54, 5.6.55, 5.6.56, 5.6.57, 5.6.58, 5.6.59, 5.6.60, 5.6.61, 5.6.62, 5.6.63, 5.6.64, 5.6.65, 5.6.66, 5.6.67, 5.6.68, 5.6.69, 5.6.70, 5.6.71, 5.6.72, 5.6.73, 5.6.74, 5.6.75, 5.6.76, 5.6.77, 5.6.78, 5.6.79, 5.6.80, 5.6.81, 5.6.82, 5.6.83, 5.6.84, 5.6.85, 5.6.86, 5.6.87, 5.6.88, 5.6.89, 5.6.90, 5.6.91, 5.6.92, 5.6.93, 5.6.94, 5.6.95, 5.6.96, 5.6.97, 5.6.98, 5.6.99, 5.6.100, 5.6.101, 5.6.102, 5.6.103, 5.6.104, 5.6.105
All unaffected versions: 5.6.106, 5.6.107, 5.6.108, 5.6.109, 5.6.110, 5.6.111, 5.6.112, 5.6.113, 5.6.114, 5.6.115, 5.6.116, 5.6.117, 5.6.881, 5.6.971, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.1.15, 6.1.16, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6
maven:ca.uhn.hapi.fhir:org.hl7.fhir.utilities
Dependent packages: 37Dependent repositories: 79
Downloads:
Affected Version Ranges: < 5.6.106
Fixed in: 5.6.106
All affected versions: 0.0.1, 0.0.2, 0.0.14, 0.1.18, 1.0.0, 1.1.67, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0, 4.2.0, 5.0.0, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.0.22, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.2.0, 5.2.1, 5.2.3, 5.2.4, 5.2.5, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.16, 5.2.18, 5.2.19, 5.2.20, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.14, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.6, 5.5.7, 5.5.8, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.9, 5.6.12, 5.6.13, 5.6.15, 5.6.17, 5.6.18, 5.6.19, 5.6.20, 5.6.21, 5.6.22, 5.6.23, 5.6.24, 5.6.25, 5.6.26, 5.6.27, 5.6.28, 5.6.29, 5.6.30, 5.6.31, 5.6.32, 5.6.33, 5.6.34, 5.6.35, 5.6.36, 5.6.37, 5.6.38, 5.6.39, 5.6.40, 5.6.41, 5.6.42, 5.6.43, 5.6.44, 5.6.45, 5.6.46, 5.6.47, 5.6.48, 5.6.50, 5.6.51, 5.6.52, 5.6.53, 5.6.54, 5.6.55, 5.6.56, 5.6.57, 5.6.58, 5.6.59, 5.6.60, 5.6.61, 5.6.62, 5.6.63, 5.6.64, 5.6.65, 5.6.66, 5.6.67, 5.6.68, 5.6.69, 5.6.70, 5.6.71, 5.6.72, 5.6.73, 5.6.74, 5.6.75, 5.6.76, 5.6.77, 5.6.78, 5.6.79, 5.6.80, 5.6.81, 5.6.82, 5.6.83, 5.6.84, 5.6.85, 5.6.86, 5.6.87, 5.6.88, 5.6.89, 5.6.90, 5.6.91, 5.6.92, 5.6.93, 5.6.94, 5.6.95, 5.6.96, 5.6.97, 5.6.98, 5.6.99, 5.6.100, 5.6.101, 5.6.102, 5.6.103, 5.6.104, 5.6.105
All unaffected versions: 5.6.106, 5.6.107, 5.6.108, 5.6.109, 5.6.110, 5.6.111, 5.6.112, 5.6.113, 5.6.114, 5.6.115, 5.6.116, 5.6.117, 5.6.881, 5.6.971, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.1.15, 6.1.16, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6
maven:ca.uhn.hapi.fhir:org.hl7.fhir.r5
Dependent packages: 18Dependent repositories: 65
Downloads:
Affected Version Ranges: < 5.6.106
Fixed in: 5.6.106
All affected versions: 0.0.1, 0.0.2, 0.0.14, 0.1.18, 1.0.0, 1.1.67, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0, 4.2.0, 5.0.0, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.0.22, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.2.0, 5.2.1, 5.2.3, 5.2.4, 5.2.5, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.16, 5.2.18, 5.2.19, 5.2.20, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.14, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.6, 5.5.7, 5.5.8, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.9, 5.6.12, 5.6.13, 5.6.15, 5.6.17, 5.6.18, 5.6.19, 5.6.20, 5.6.21, 5.6.22, 5.6.23, 5.6.24, 5.6.25, 5.6.26, 5.6.27, 5.6.28, 5.6.29, 5.6.30, 5.6.31, 5.6.32, 5.6.33, 5.6.34, 5.6.35, 5.6.36, 5.6.37, 5.6.38, 5.6.39, 5.6.40, 5.6.41, 5.6.42, 5.6.43, 5.6.44, 5.6.45, 5.6.46, 5.6.47, 5.6.48, 5.6.50, 5.6.51, 5.6.52, 5.6.53, 5.6.54, 5.6.55, 5.6.56, 5.6.57, 5.6.58, 5.6.59, 5.6.60, 5.6.61, 5.6.62, 5.6.63, 5.6.64, 5.6.65, 5.6.66, 5.6.67, 5.6.68, 5.6.69, 5.6.70, 5.6.71, 5.6.72, 5.6.73, 5.6.74, 5.6.75, 5.6.76, 5.6.77, 5.6.78, 5.6.79, 5.6.80, 5.6.81, 5.6.82, 5.6.83, 5.6.84, 5.6.85, 5.6.86, 5.6.87, 5.6.88, 5.6.89, 5.6.90, 5.6.91, 5.6.92, 5.6.93, 5.6.94, 5.6.95, 5.6.96, 5.6.97, 5.6.98, 5.6.99, 5.6.100, 5.6.101, 5.6.102, 5.6.103, 5.6.104, 5.6.105
All unaffected versions: 5.6.106, 5.6.107, 5.6.108, 5.6.109, 5.6.110, 5.6.111, 5.6.112, 5.6.113, 5.6.114, 5.6.115, 5.6.116, 5.6.117, 5.6.881, 5.6.971, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.1.15, 6.1.16, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6
maven:ca.uhn.hapi.fhir:org.hl7.fhir.r4b
Dependent packages: 7Dependent repositories: 13
Downloads:
Affected Version Ranges: < 5.6.106
Fixed in: 5.6.106
All affected versions: 5.6.22, 5.6.23, 5.6.24, 5.6.25, 5.6.26, 5.6.27, 5.6.28, 5.6.29, 5.6.30, 5.6.31, 5.6.32, 5.6.33, 5.6.34, 5.6.35, 5.6.36, 5.6.37, 5.6.38, 5.6.39, 5.6.40, 5.6.41, 5.6.42, 5.6.43, 5.6.44, 5.6.45, 5.6.46, 5.6.47, 5.6.48, 5.6.50, 5.6.51, 5.6.52, 5.6.53, 5.6.54, 5.6.55, 5.6.56, 5.6.57, 5.6.58, 5.6.59, 5.6.60, 5.6.61, 5.6.62, 5.6.63, 5.6.64, 5.6.65, 5.6.66, 5.6.67, 5.6.68, 5.6.69, 5.6.70, 5.6.71, 5.6.72, 5.6.73, 5.6.74, 5.6.75, 5.6.76, 5.6.77, 5.6.78, 5.6.79, 5.6.80, 5.6.81, 5.6.82, 5.6.83, 5.6.84, 5.6.85, 5.6.86, 5.6.87, 5.6.88, 5.6.89, 5.6.90, 5.6.91, 5.6.92, 5.6.93, 5.6.94, 5.6.95, 5.6.96, 5.6.97, 5.6.98, 5.6.99, 5.6.100, 5.6.101, 5.6.102, 5.6.103, 5.6.104, 5.6.105
All unaffected versions: 5.6.106, 5.6.107, 5.6.108, 5.6.109, 5.6.110, 5.6.111, 5.6.112, 5.6.113, 5.6.114, 5.6.115, 5.6.116, 5.6.117, 5.6.881, 5.6.971, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.1.15, 6.1.16, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6
maven:ca.uhn.hapi.fhir:org.hl7.fhir.convertors
Dependent packages: 15Dependent repositories: 65
Downloads:
Affected Version Ranges: < 5.6.106
Fixed in: 5.6.106
All affected versions: 0.0.1, 0.0.2, 0.0.14, 0.1.18, 1.0.0, 1.1.67, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0, 4.2.0, 5.0.0, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.0.22, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.2.0, 5.2.1, 5.2.3, 5.2.4, 5.2.5, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.16, 5.2.18, 5.2.19, 5.2.20, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.14, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.6, 5.5.7, 5.5.8, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.9, 5.6.12, 5.6.13, 5.6.15, 5.6.17, 5.6.18, 5.6.19, 5.6.20, 5.6.21, 5.6.22, 5.6.23, 5.6.24, 5.6.25, 5.6.26, 5.6.27, 5.6.28, 5.6.29, 5.6.30, 5.6.31, 5.6.32, 5.6.33, 5.6.34, 5.6.35, 5.6.36, 5.6.37, 5.6.38, 5.6.39, 5.6.40, 5.6.41, 5.6.42, 5.6.43, 5.6.44, 5.6.45, 5.6.46, 5.6.47, 5.6.48, 5.6.50, 5.6.51, 5.6.52, 5.6.53, 5.6.54, 5.6.55, 5.6.56, 5.6.57, 5.6.58, 5.6.59, 5.6.60, 5.6.61, 5.6.62, 5.6.63, 5.6.64, 5.6.65, 5.6.66, 5.6.67, 5.6.68, 5.6.69, 5.6.70, 5.6.71, 5.6.72, 5.6.73, 5.6.74, 5.6.75, 5.6.76, 5.6.77, 5.6.78, 5.6.79, 5.6.80, 5.6.81, 5.6.82, 5.6.83, 5.6.84, 5.6.85, 5.6.86, 5.6.87, 5.6.88, 5.6.89, 5.6.90, 5.6.91, 5.6.92, 5.6.93, 5.6.94, 5.6.95, 5.6.96, 5.6.97, 5.6.98, 5.6.99, 5.6.100, 5.6.101, 5.6.102, 5.6.103, 5.6.104, 5.6.105
All unaffected versions: 5.6.106, 5.6.107, 5.6.108, 5.6.109, 5.6.110, 5.6.111, 5.6.112, 5.6.113, 5.6.114, 5.6.115, 5.6.116, 5.6.117, 5.6.881, 5.6.971, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.1.15, 6.1.16, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6
maven:ca.uhn.hapi.fhir:org.hl7.fhir.core
Dependent packages: 1Dependent repositories: 1
Downloads:
Affected Version Ranges: < 5.6.106
Fixed in: 5.6.106
All affected versions: 0.0.1, 0.0.2, 0.0.14, 0.1.14, 0.1.18, 1.0.0, 1.1.67, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0, 4.2.0, 5.0.0, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.0.22, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.2.0, 5.2.1, 5.2.3, 5.2.4, 5.2.5, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.16, 5.2.18, 5.2.19, 5.2.20, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.14, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.6, 5.5.7, 5.5.8, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.9, 5.6.12, 5.6.13, 5.6.15, 5.6.17, 5.6.18, 5.6.19, 5.6.20, 5.6.21, 5.6.22, 5.6.23, 5.6.24, 5.6.25, 5.6.26, 5.6.27, 5.6.28, 5.6.29, 5.6.30, 5.6.31, 5.6.32, 5.6.33, 5.6.34, 5.6.35, 5.6.36, 5.6.37, 5.6.38, 5.6.39, 5.6.40, 5.6.41, 5.6.42, 5.6.43, 5.6.44, 5.6.45, 5.6.46, 5.6.47, 5.6.48, 5.6.50, 5.6.51, 5.6.52, 5.6.53, 5.6.54, 5.6.55, 5.6.56, 5.6.57, 5.6.58, 5.6.59, 5.6.60, 5.6.61, 5.6.62, 5.6.63, 5.6.64, 5.6.65, 5.6.66, 5.6.67, 5.6.68, 5.6.69, 5.6.70, 5.6.71, 5.6.72, 5.6.73, 5.6.74, 5.6.75, 5.6.76, 5.6.77, 5.6.78, 5.6.79, 5.6.80, 5.6.81, 5.6.82, 5.6.83, 5.6.84, 5.6.85, 5.6.86, 5.6.87, 5.6.88, 5.6.89, 5.6.90, 5.6.91, 5.6.92, 5.6.93, 5.6.94, 5.6.95, 5.6.96, 5.6.97, 5.6.98, 5.6.99, 5.6.100, 5.6.101, 5.6.102, 5.6.103, 5.6.104, 5.6.105
All unaffected versions: 5.6.106, 5.6.107, 5.6.108, 5.6.109, 5.6.110, 5.6.111, 5.6.112, 5.6.113, 5.6.114, 5.6.115, 5.6.116, 5.6.117, 5.6.881, 5.6.971, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.1.15, 6.1.16, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6