
{
"id": "CVE-2024-52800",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:08.713",
"lastModified": "2024-11-29T19:15:08.713",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available."
},
{
"lang": "es",
"value": "veraPDF es una librer\u00eda de validaci\u00f3n PDF/A de c\u00f3digo abierto. La ejecuci\u00f3n de comprobaciones de pol\u00edticas mediante archivos Schematron personalizados a trav\u00e9s de la CLI invoca una transformaci\u00f3n XSL que, en teor\u00eda, puede provocar una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE). Esto no afecta a la funcionalidad est\u00e1ndar de validaci\u00f3n y comprobaciones de pol\u00edticas, que son los casos de uso m\u00e1s comunes de veraPDF. La mayor\u00eda de los usuarios de veraPDF no insertan ning\u00fan c\u00f3digo XSLT personalizado en los perfiles de pol\u00edticas, que se basan en la sintaxis de Schematron en lugar de en transformaciones XSL directas. Los usuarios que s\u00ed lo hacen deben cargar \u00fanicamente archivos de pol\u00edticas personalizados de fuentes en las que conf\u00eden. Este problema a\u00fan no se ha solucionado. Se recomienda a los usuarios que tengan cuidado con el c\u00f3digo XSLT hasta que haya un parche disponible."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 2.3,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://github.com/veraPDF/veraPDF-library/issues/1488",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-4cx5-89vm-833x",
"source": "security-advisories@github.com"
}
]
}