{
"id": "CVE-2024-28109",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-28T14:15:13.863",
"lastModified": "2024-11-21T09:05:50.020",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation, which could lead to remote code execution (RCE). This vulnerability is fixed in 1.24.2."
},
{
"lang": "es",
"value": "veraPDF-library es una librer\u00eda de validaci\u00f3n de PDF/A. La ejecuci\u00f3n de comprobaciones de pol\u00edticas utilizando archivos schematron personalizados invoca una transformaci\u00f3n XSL que podr\u00eda dar lugar a la ejecuci\u00f3n remota de c\u00f3digo (RCE). Esta vulnerabilidad se solucion\u00f3 en 1.24.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-91"
}
]
}
],
"references": [
{
"url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/veraPDF/veraPDF-library/issues/1415",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://github.com/veraPDF/veraPDF-library/issues/1415",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}