You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our initial analysis has found that we are not vulnerable to this due to different serialization techniques, but we are actively investigating and will be bumping the dependency as soon as possible.
Hi,
As HAPI FHIR server is using spring-core I'm wondering if some versions are subject to this new vulnerability :
https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
https://tanzu.vmware.com/security/cve-2022-22963
Seems to concern Spring versions 5.3.18 and 5.2.20
Thanks
The text was updated successfully, but these errors were encountered: