5 matches found
CVE-2024-52800
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...
CVE-2024-52800
creationtimestamp| type| source ---|---|--- 2024-11-30 06:58:11+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/9255...
CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...
CVE-2024-52800
The CVE-2024-52800 issue affects veraPDF: when executing policy checks via the CLI using custom Schematron-based policy files, an XSL transformation may enable a remote code execution (RCE) or XXE-type vector. The vulnerability concerns the policy-check workflow (policy profiles with user-provide...
CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...