Tag
The FHIR Validator HTTP service is vulnerable to server-side request forgery (SSRF) via the `/loadIG` endpoint, enabling attackers to steal authentication tokens by exploiting a prefix-matching flaw in the credential provider.