An Open Source secure REST implementation for the HL7 FHIR Specification. For API documentation, please see https://github.com/Asymmetrik/node-fhir-server-core/wiki.
Do you want to request a feature, report a bug, or improve documentation?
Reporting a security defect.
Hello, Linux Community Bridge is reporting a Timing Attack based on the elliptic library, which is included in node-fhir-server-core based on the jwk-to-pem library which uses it as a dependency.
I've confirmed that it's jwk-to-pem pulling in elliptic:^6.2.3, and have reported the issue to them in brightspace/node-jwk-to-pem#33.
Possible resolutions include removing jwk-to-pem from node-fhir-server-core, or working with Brightspace to get their library patched and then updating the FHIR Server.