24 matches found
EUVD-2024-3420
Malicious code in bioql PyPI...
CVE-2024-52800
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Impact Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. Patches We are currently working on a patch that will be released when ready. Workarounds This doesn't affect the standa...
GHSA-4CX5-89VM-833X veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Impact Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. Patches We are currently working on a patch that will be released when ready. Workarounds This doesn't affect the standa...
cn.idev.excel:fastexcel (=1.0.0), cn.idev.excel:fastexcel-core (=1.0.0) +40 more potentially affected by CVE-2024-52800 via org.verapdf:core (>=1.10.1 <=1.26.1)
org.verapdf:core MAVEN version =1.10.1, =1.6.0, =0.0.30, =1.0, =7.1.9, =3.4.2, =5.12, =5.12, =5.12, =0.0.1, =0.0.3 - io.github.karboom:server-common =1.0.0 and more Source cves: CVE-2024-52800 Source advisory: OSV:GHSA-4CX5-89VM-833X...
eu.europa.ec.joinup.sd-dss:dss-cookbook (>=6.0 <=6.2.RC1), eu.europa.ec.joinup.sd-dss:dss-jacoco-coverage (>=6.0 <=6.2.RC1) +13 more potentially affected by CVE-2024-52800 via org.verapdf:core-jakarta (>=1.24.1 <=1.26.1)
org.verapdf:core-jakarta MAVEN version =1.24.1, =6.0, =6.0, =6.0, =0.5.0, =0.6.0, =6.0.d4j.1, =6.0.d4j.1, =6.0.d4j.1, =2.12.0, =3.2.0, =3.2.0, =1.24.1, =1.24.1, =1.24.1, =1.26.1 - org.verapdf:wcag-validation-jakarta =1.26.1 Source cves: CVE-2024-52800 Source advisory: OSV:GHSA-4CX5-89VM-833X...
CVE-2024-52800
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...
CVE-2024-52800
The CVE-2024-52800 issue affects veraPDF: when executing policy checks via the CLI using custom Schematron-based policy files, an XSL transformation may enable a remote code execution (RCE) or XXE-type vector. The vulnerability concerns the policy-check workflow (policy profiles with user-provide...
CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...
CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...
veraPDF-library 代码问题漏洞
veraPDF-library is veraPDF open source an open source PDF/A validation library . A code issue vulnerability exists in veraPDF-library, which stems from the fact that using a custom schematron file enforcement policy check via the CLI invokes an XSL transformation, which could theoretically lead t...
PT-2024-8938 · Verapdf · Verapdf
Name of the Vulnerable Software and Affected Versions: veraPDF affected versions not specified Description: The issue is related to the execution of policy checks using custom schematron files via the CLI, which invokes an XSL transformation that may theoretically lead to a remote code execution...
cn.idev.excel:fastexcel (=1.0.0), cn.idev.excel:fastexcel-core (=1.0.0) +40 more potentially affected by CVE-2024-28109 via org.verapdf:core (>=1.10.1 <=1.24.1)
org.verapdf:core MAVEN version =1.10.1, =1.6.0, =0.0.30, =1.0, =7.1.9, =3.4.2, =5.12, =5.12, =5.12, =0.0.1, =0.0.3 - io.github.karboom:server-common =1.0.0 and more Source cves: CVE-2024-28109 Source advisory: OSV:GHSA-QXQF-2MFX-X8JW...
GHSA-QXQF-2MFX-X8JW veraPDF has potential XSLT injection vulnerability when using policy files
Impact Executing policy checks using custom schematron files invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. Patches This has been patched and users should upgrade to veraPDF v1.24.2 Workarounds This doesn't affect the standard validation an...
veraPDF has potential XSLT injection vulnerability when using policy files
Impact Executing policy checks using custom schematron files invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. Patches This has been patched and users should upgrade to veraPDF v1.24.2 Workarounds This doesn't affect the standard validation an...
eu.europa.ec.joinup.sd-dss:dss-cookbook (=6.0), eu.europa.ec.joinup.sd-dss:dss-jacoco-coverage (=6.0) +7 more potentially affected by CVE-2024-28109 via org.verapdf:core-jakarta (=1.24.1)
org.verapdf:core-jakarta MAVEN version =1.24.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.verapdf:core-jakarta and may be impacted: - eu.europa.ec.joinup.sd-dss:dss-cookbook =6.0 - eu.europa.ec.joinup.sd-dss:dss-jacoco-coverage =6.0 -...
XML Injection
verapdf is vulnerable to Remote Code Execution RCE. The vulnerability is caused by executing policy checks using custom schematron files, which invokes an XSL transformation that could lead to code execution...
CVE-2024-28109
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...
CVE-2024-28109
CVE-2024-28109 affects veraPDF-library, a PDF/A validation library. Executing policy checks with custom Schematron files triggers an XSL transformation, which can lead to a remote code execution (RCE). Impact is stated as high severity (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). The issue is...
CVE-2024-28109 Potential XSLT injection vulnerability when using policy files
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...