How severe is CVE-2024-52807?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2024-52807?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2024-52807 - HIGH Severity | CVSS 8.6

Vulnerability Description

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available.

Related Vulnerabilities

CVE-2016-4264

HIGH

CVSS:8.6(High)

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a craft...

CWE-6112016

CVE-2016-7051

HIGH

CVSS:8.6(High)

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vec...

CWE-6112016

CVE-2016-9691

HIGH

CVSS:8.6(High)

IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploi...

CWE-6112016

CVE-2018-19244

HIGH

CVSS:8.6(High)

An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed...

CWE-6112018

CVE-2018-19858

HIGH

CVSS:8.6(High)

PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceX...

CWE-6112018

CVE-2021-3869

HIGH

CVSS:8.6(High)

corenlp is vulnerable to Improper Restriction of XML External Entity Reference

CWE-6112021