CVE-2024-28109

{"id": "CVE-2024-28109", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-03-28T14:15:13.863", "references": [{"url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb", "source": "[email protected]"}, {"url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f", "source": "[email protected]"}, {"url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe", "source": "[email protected]"}, {"url": "https://github.com/veraPDF/veraPDF-library/issues/1415", "source": "[email protected]"}, {"url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw", "source": "[email protected]"}, {"url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/veraPDF/veraPDF-library/issues/1415", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-91"}]}], "descriptions": [{"lang": "en", "value": "veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2."}, {"lang": "es", "value": "veraPDF-library es una librer\u00eda de validaci\u00f3n de PDF/A. La ejecuci\u00f3n de comprobaciones de pol\u00edticas utilizando archivos de esquema personalizados invoca una transformaci\u00f3n XSL que podr\u00eda provocar una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE). Esta vulnerabilidad se solucion\u00f3 en 1.24.2."}], "lastModified": "2024-11-21T09:05:50.020", "sourceIdentifier": "[email protected]"}