CVE-2022-39230 fhir-works-on-aws-authz-smart is an implementation of the authorization interface from FHIR Works. 3.1.1 and 3.1.2 are subject to EOSI.

If you are using an older version of fhir-works-on-aws-authz-smart, upgrade immediately.

CVE-2023-39231

If you are using an older version of fhir-works-on-aws-authz-smart, upgrade immediately.
If you are using an older version of the fhir-works-on-aws-authz-smart module, upgrade to the current version immediately.
If you use the fhir-works-on-aws module, also upgrade to the current version as soon as possible.

Vulnerability description: fhir-works-on-aws-authz-smart on aws is prone to a remote denial of service vulnerability because it fails to check the input data before using it.

Overview of the CVE

If you are using an older version of fhir-works-on-aws-authz-smart, upgrade immediately. The older versions have a critical vulnerability that could allow for a hacker to take over your AWS account.

Timeline

Published on: 09/23/2022 07:15:00 UTC
Last modified on: 09/26/2022 17:20:00 UTC

References

• https://github.com/awslabs/fhir-works-on-aws-authz-smart/security/advisories/GHSA-vv7x-7w4m-q72f
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39230