CVE-2021-32053: Uncontrolled Resource Consumption

May 10, 2021 (updated May 19, 2021)

JPA Server in HAPI FHIR allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many simultaneous history requests.

References

hapifhir.io/
nvd.nist.gov/vuln/detail/CVE-2021-32053

Code Behaviors & Features

Detect and mitigate CVE-2021-32053 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →