Lucene search
+L

8 matches found

cnnvd
cnnvd
added 2024/11/29 12:0 a.m.5 views

veraPDF-library 代码问题漏洞

veraPDF-library is veraPDF open source an open source PDF/A validation library . A code issue vulnerability exists in veraPDF-library, which stems from the fact that using a custom schematron file enforcement policy check via the CLI invokes an XSL transformation, which could theoretically lead t...

2.3CVSS7.6AI score0.01063EPSS
Exploits0References2
nvd
nvd
added 2024/03/28 2:15 p.m.50 views

CVE-2024-28109

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...

8.1CVSS8.3AI score0.01033EPSS
Exploits0References5
cve
cve
added 2024/03/28 1:19 p.m.102 views

CVE-2024-28109

CVE-2024-28109 affects veraPDF-library, a PDF/A validation library. Executing policy checks with custom Schematron files triggers an XSL transformation, which can lead to a remote code execution (RCE). Impact is stated as high severity (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). The issue is...

8.1CVSS8.2AI score0.01033EPSS
Exploits0References5
osv
osv
added 2024/03/28 1:19 p.m.39 views

CVE-2024-28109 Potential XSLT injection vulnerability when using policy files

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...

8.1CVSS8.1AI score0.01033EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2024/03/28 1:19 p.m.19 views

CVE-2024-28109 Potential XSLT injection vulnerability when using policy files

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...

8.1CVSS8.3AI score0.01033EPSS
Exploits0References5
cvelist
cvelist
added 2024/03/28 1:19 p.m.57 views

CVE-2024-28109 Potential XSLT injection vulnerability when using policy files

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...

8.1CVSS8.5AI score0.01033EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2024/03/28 12:0 a.m.7 views

PT-2024-22267 · Unknown · Verapdf-Library

Name of the Vulnerable Software and Affected Versions: veraPDF-library versions prior to 1.24.2 Description: The veraPDF-library, a PDF/A validation library, has a remote code execution RCE vulnerability when executing policy checks using custom schematron files. This invokes an XSL transformatio...

8.1CVSS8.1AI score0.01033EPSS
Exploits0References11
cnnvd
cnnvd
added 2024/03/28 12:0 a.m.5 views

veraPDF-library 安全漏洞

veraPDF-library is veraPDF open source an open source PDF/A validation library . A security vulnerability exists in veraPDF-library. Attackers can use the vulnerability to remotely execute code...

8.1CVSS8AI score0.01033EPSS
Exploits0References6
Rows per page
Query Builder