1 matches found
XML External Entity (XXE)
Apache PDFBox is vulnerable to XML external entity XXE attacks. The XML parser does not disable external DTDs, which would allow an attacker to perform XXE attacks using a malicious XFDF file...