CVE-2023-24057
- Source
- https://cve.org/CVERecord?id=CVE-2023-24057
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24057.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-24057
- Aliases
- Related
- Published
- 2023-01-26T21:18:15.960Z
- Modified
- 2026-04-12T07:25:34.799939Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).
- References
Affected packages
Git / github.com/hapifhir/org.hl7.fhir.core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hapifhir/org.hl7.fhir.core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "source": "CPE_FIELD", "cpe": "cpe:2.3:a:hapifhir:hl7_fhir_core:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "0" }, { "fixed": "5.6.92" } ] }
Affected versions
1.*
1.1.67
5.*
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
5.0.16
5.0.17
5.0.18
5.0.19
5.0.20
5.0.21
5.0.22
5.0.7
5.0.8
5.0.9
5.1.1
5.1.2
5.1.3
5.1.4
5.1.6
5.1.7
5.3.1
5.3.10
5.3.11
5.3.12
5.3.14
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.3.9
5.4.1
5.4.10
5.4.12
5.4.2
5.4.3
5.4.4
5.4.5
5.4.6
5.4.7
5.4.8
5.4.9
5.5.1
5.5.10
5.5.11
5.5.12
5.5.13
5.5.14
5.5.15
5.5.3
5.5.4
5.5.6
5.5.7
5.5.8
5.5.9
5.6.0
5.6.1
5.6.15
5.6.17
5.6.18
5.6.19
5.6.20
5.6.21
5.6.22
5.6.23
5.6.24
5.6.25
5.6.26
5.6.27
5.6.28
5.6.29
5.6.3
5.6.4
5.6.42
5.6.43
5.6.44
5.6.45
5.6.46
5.6.47
5.6.48
5.6.50
5.6.52
5.6.53
5.6.54
5.6.56
5.6.6
5.6.61
5.6.62
5.6.63
5.6.64
5.6.65
5.6.66
5.6.67
5.6.68
5.6.69
5.6.7
5.6.70
5.6.71
5.6.72
5.6.74
5.6.75
5.6.76
5.6.77
5.6.78
5.6.79
5.6.80
5.6.84
5.6.85
5.6.86
5.6.87
5.6.88
5.6.89
5.6.9
5.6.90
5.6.91
v5.*
v5.3.0
v5.4.0
Git / github.com/hl7/fhir-ig-publisher
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hl7/fhir-ig-publisher
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "source": "CPE_FIELD", "cpe": "cpe:2.3:a:hl7:fhir_ig_publisher:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "0" }, { "fixed": "1.2.30" } ] }
Affected versions
1.*
1.1.0
1.1.1
1.1.10
1.1.101
1.1.102
1.1.103
1.1.104
1.1.105
1.1.106
1.1.11
1.1.111
1.1.112
1.1.113
1.1.117
1.1.12
1.1.120
1.1.121
1.1.122
1.1.123
1.1.124
1.1.125
1.1.126
1.1.127
1.1.128
1.1.129
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.1.2
1.1.3
1.1.33
1.1.37
1.1.38
1.1.39
1.1.4
1.1.40
1.1.41
1.1.42
1.1.43
1.1.44
1.1.45
1.1.5
1.1.50
1.1.51
1.1.53
1.1.54
1.1.55
1.1.56
1.1.57
1.1.59
1.1.6
1.1.60
1.1.61
1.1.62
1.1.63
1.1.64
1.1.66
1.1.67
1.1.68
1.1.7
1.1.71
1.1.72
1.1.73
1.1.74
1.1.75
1.1.76
1.1.77
1.1.78
1.1.79
1.1.8
1.1.81
1.1.82
1.1.83
1.1.84
1.1.85
1.1.86
1.1.88
1.1.90
1.1.91
1.1.92
1.1.93
1.1.94
1.1.95
1.1.96
1.1.97
1.1.98
1.1.99
1.2.0
1.2.1
1.2.12
1.2.13
1.2.14
1.2.15
1.2.18
1.2.2
1.2.20
1.2.21
1.2.23
1.2.24
1.2.28
1.2.29
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7