CVE-2024-55887

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Dec 13, 2024
CWE ID 611

Summary

CVE-2024-55887 is a vulnerability affecting the Ucum-java FHIR Java library, versions prior to 1.0.9. The UcumEssenceService in these versions is susceptible to XML External Entity (XXE) injections during parsing. Malicious DTD tags in processed XML files can lead to unintended data access from the host system. This issue poses a risk in use cases where Ucum-java is integrated with external clients that can submit XML data. To mitigate the risk, users are advised to upgrade to Ucum-java version 1.0.9 or ensure that all XML sources used with UcumEssenceService are trusted.
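
For deployments that cannot upgrade immediately and must accept XML from external clients, one way to enforce the "trusted sources only" advice is to reject any document that carries a DOCTYPE before it reaches UcumEssenceService. The following is an added example, not code from Ucum-java or from this advisory; the class name UcumXmlGate, the method isSafe and the sample documents are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

// Hypothetical pre-parse gate (not part of Ucum-java): run it on untrusted XML
// and only hand the bytes to the library when it returns true.
public class UcumXmlGate {

    // Feature understood by the JDK's built-in (Xerces-derived) parser:
    // any DOCTYPE declaration becomes a fatal parse error.
    private static final String DISALLOW_DOCTYPE =
            "http://apache.org/xml/features/disallow-doctype-decl";

    /** True only if the document is well-formed and contains no DOCTYPE. */
    static boolean isSafe(byte[] xml) {
        try {
            SAXParserFactory factory = SAXParserFactory.newInstance();
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature(DISALLOW_DOCTYPE, true);
            // DefaultHandler ignores all content; we only care whether parsing succeeds.
            factory.newSAXParser().parse(new ByteArrayInputStream(xml), new DefaultHandler());
            return true;
        } catch (SAXException | ParserConfigurationException | IOException e) {
            // Fail closed: malformed input, a DOCTYPE, or an unsupported
            // parser feature all count as "do not process".
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed samples; element names are placeholders, not the real UCUM schema.
        String plain = "<root><unit code=\"m\"/></root>";
        String withDtd = "<!DOCTYPE root [<!ENTITY x \"y\">]><root>&x;</root>";

        System.out.println("plain accepted:   " + isSafe(plain.getBytes(StandardCharsets.UTF_8)));
        System.out.println("DOCTYPE accepted: " + isSafe(withDtd.getBytes(StandardCharsets.UTF_8)));
    }
}
```

The gate rejects every DTD, including harmless internal ones, which is the intended trade-off when the XML comes from clients that have no reason to send a DOCTYPE.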
