ca.uhn.hapi.fhir:org.hl7.fhir.validation 6.9.1

Direct Vulnerabilities

Known vulnerabilities in the ca.uhn.hapi.fhir:org.hl7.fhir.validation package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Regular Expression Denial of Service (ReDoS) Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `matches()`, `matchesFull()`, and `replaceMatches()` functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular expressions that trigger excessive backtracking during evaluation. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `ca.uhn.hapi.fhir:org.hl7.fhir.validation` to version 6.9.7 or higher.	[,6.9.7)
H Insufficiently Protected Credentials Affected versions of this package are vulnerable to Insufficiently Protected Credentials through and exposed `/loadIG` endpoint in `ca.uhn.hapi.fhir:org.hl7.fhir.validation`. An attacker can obtain authentication credentials for external FHIR servers by submitting a crafted URL that exploits improper prefix matching in credential handling, causing sensitive tokens to be sent to attacker-controlled domains. This can also be triggered through redirect chains that re-evaluate credential attachment on each hop. Note: While the entry point for this vulnerability is in ca.uhn.hapi.fhir:org.hl7.fhir.validation, it leverages an exploit chain in ca.uhn.hapi.fhir:org.hl7.fhir.utilities CVE-2026-34359 to expose the credentials How to fix Insufficiently Protected Credentials? Upgrade `ca.uhn.hapi.fhir:org.hl7.fhir.validation` to version 6.9.4 or higher.	[6.8.0,6.9.4)

Vulnerability

Vulnerable Version

Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the matches(), matchesFull(), and replaceMatches() functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular expressions that trigger excessive backtracking during evaluation.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade ca.uhn.hapi.fhir:org.hl7.fhir.validation to version 6.9.7 or higher.

[,6.9.7)

Insufficiently Protected Credentials

Affected versions of this package are vulnerable to Insufficiently Protected Credentials through and exposed /loadIG endpoint in ca.uhn.hapi.fhir:org.hl7.fhir.validation. An attacker can obtain authentication credentials for external FHIR servers by submitting a crafted URL that exploits improper prefix matching in credential handling, causing sensitive tokens to be sent to attacker-controlled domains. This can also be triggered through redirect chains that re-evaluate credential attachment on each hop.

Note: While the entry point for this vulnerability is in ca.uhn.hapi.fhir:org.hl7.fhir.validation, it leverages an exploit chain in ca.uhn.hapi.fhir:org.hl7.fhir.utilities CVE-2026-34359 to expose the credentials

How to fix Insufficiently Protected Credentials?

Upgrade ca.uhn.hapi.fhir:org.hl7.fhir.validation to version 6.9.4 or higher.

[6.8.0,6.9.4)

ca.uhn.hapi.fhir:org.hl7.fhir.validation@6.9.1

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically