FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
Critical severity
GitHub Reviewed
Published
Mar 27, 2026
in
hapifhir/org.hl7.fhir.core
•
Updated Mar 31, 2026
Give feedback on Dependabot alerts