Skip to content

FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft

Critical severity GitHub Reviewed Published Mar 27, 2026 in hapifhir/org.hl7.fhir.core • Updated Mar 31, 2026

No open alerts for this advisory

Give feedback on Dependabot alerts