CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -

Technology
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.hl7.fhir.publisher:org.hl7.fhir.publisher | maven | < 1.2.30 | 1.2.30 |
The vulnerability stems from insufficient path validation during zip extraction, or from retaining unsanitized entry paths for later use. Publisher.java writes entries directly using entry.getName() without any containment check. ZipFetcher.java retains the raw paths in FetchedFile objects, propagating the risk to downstream operations. The loadZip method in IGPack2NpmConvertor.java stores raw paths as well, creating a latent vulnerability. WebSourceProvider.java was excluded because it already includes a check (although that check is untested), so it is not vulnerable in its current state.