Lucene search
+L

4 matches found

NVD
NVD
added 2024/03/28 2:15 p.m.50 views

CVE-2024-28109

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...

8.1CVSS8.3AI score0.01033EPSS
Exploits0References5
CVE
CVE
added 2024/03/28 1:19 p.m.102 views

CVE-2024-28109

CVE-2024-28109 affects veraPDF-library, a PDF/A validation library. Executing policy checks with custom Schematron files triggers an XSL transformation, which can lead to a remote code execution (RCE). Impact is stated as high severity (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). The issue is...

8.1CVSS8.2AI score0.01033EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/03/28 1:19 p.m.57 views

CVE-2024-28109 Potential XSLT injection vulnerability when using policy files

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...

8.1CVSS8.5AI score0.01033EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/03/28 1:19 p.m.20 views

CVE-2024-28109 Potential XSLT injection vulnerability when using policy files

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...

8.1CVSS8.3AI score0.01033EPSS
Exploits0References5
Rows per page
Query Builder