CVE-2024-52807

Summary

XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`

Severity

high

EPSS

0.5% (p41)

Also known as

GHSA-8c3x-hq82-gjcm#org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli, GHSA-8c3x-hq82-gjcm#org.hl7.fhir.publisher:org.hl7.fhir.publisher.core

Published

2025-01-24

References

• https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5
• https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-8c3x-hq82-gjcm
• https://nvd.nist.gov/vuln/detail/CVE-2024-52807

Related advisories

• CVE-2025-24363 — medium · Maven/org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity