CVE-2023-24057 — HIGH (8.1)

Q: How severe is CVE-2023-24057?

CVE-2023-24057 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-24057?

Check the references section above for vendor advisories and patch information. Affected products include: Hapifhir Hl7 Fhir Core, Hl7 Fhir Ig Publisher.

Vulnerability Description

HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hapifhir	Hl7 Fhir Core	< 5.6.92
Hl7	Fhir Ig Publisher	< 1.2.30

Related Weaknesses (CWE)

CWE-22

References

https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjgExploitThird Party Advisory
https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjgExploitThird Party Advisory

FAQ

What is CVE-2023-24057?

CVE-2023-24057 is a vulnerability with a CVSS score of 8.1 (HIGH). HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminol...

How severe is CVE-2023-24057?

CVE-2023-24057 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-24057?

Check the references section above for vendor advisories and patch information. Affected products include: Hapifhir Hl7 Fhir Core, Hl7 Fhir Ig Publisher.