CVE-2024-28109 - Vulnerability Details - OpenCVE

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00713.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-1756	veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.
Github GHSA	GHSA-qxqf-2mfx-x8jw	veraPDF has potential XSLT injection vulnerability when using policy files

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb
https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f
https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe
https://github.com/veraPDF/veraPDF-library/issues/1415
https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-28T13:19:39.906Z

Updated: 2024-08-02T00:48:48.254Z

Reserved: 2024-03-04T14:19:14.059Z

Link: CVE-2024-28109

Vulnrichment

Updated: 2024-08-02T00:48:48.254Z

NVD

Status : Awaiting Analysis

Published: 2024-03-28T14:15:13.863

Modified: 2024-11-21T09:05:50.020

Link: CVE-2024-28109

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28109", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-04T14:19:14.059Z", "datePublished": "2024-03-28T13:19:39.906Z", "dateUpdated": "2024-08-02T00:48:48.254Z"}, "containers": {"cna": {"title": "Potential XSLT injection vulnerability when using policy files", "problemTypes": [{"descriptions": [{"cweId": "CWE-91", "lang": "en", "description": "CWE-91: XML Injection (aka Blind XPath Injection)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw"}, {"name": "https://github.com/veraPDF/veraPDF-library/issues/1415", "tags": ["x_refsource_MISC"], "url": "https://github.com/veraPDF/veraPDF-library/issues/1415"}, {"name": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb", "tags": ["x_refsource_MISC"], "url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb"}, {"name": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f", "tags": ["x_refsource_MISC"], "url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f"}, {"name": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe", "tags": ["x_refsource_MISC"], "url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe"}], "affected": [{"vendor": "veraPDF", "product": "veraPDF-library", "versions": [{"version": "< 1.24.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-28T13:19:39.906Z"}, "descriptions": [{"lang": "en", "value": "veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2."}], "source": {"advisory": "GHSA-qxqf-2mfx-x8jw", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "verapdf", "product": "verapdf-library", "cpes": ["cpe:2.3:a:verapdf:verapdf-library:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.24.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-23T17:57:42.795412Z", "id": "CVE-2024-28109", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T21:06:10.317Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:48.254Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw"}, {"name": "https://github.com/veraPDF/veraPDF-library/issues/1415", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/veraPDF/veraPDF-library/issues/1415"}, {"name": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb"}, {"name": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f"}, {"name": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw", "name": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/veraPDF/veraPDF-library/issues/1415", "name": "https://github.com/veraPDF/veraPDF-library/issues/1415", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb", "name": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f", "name": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe", "name": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:48.254Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28109", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-23T17:57:42.795412Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:verapdf:verapdf-library:*:*:*:*:*:*:*:*"], "vendor": "verapdf", "product": "verapdf-library", "versions": [{"status": "affected", "version": "0", "lessThan": "1.24.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T19:07:57.212Z"}}], "cna": {"title": "Potential XSLT injection vulnerability when using policy files", "source": {"advisory": "GHSA-qxqf-2mfx-x8jw", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "veraPDF", "product": "veraPDF-library", "versions": [{"status": "affected", "version": "< 1.24.2"}]}], "references": [{"url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw", "name": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/veraPDF/veraPDF-library/issues/1415", "name": "https://github.com/veraPDF/veraPDF-library/issues/1415", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb", "name": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f", "name": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe", "name": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-91", "description": "CWE-91: XML Injection (aka Blind XPath Injection)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-28T13:19:39.906Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28109", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:48:48.254Z", "dateReserved": "2024-03-04T14:19:14.059Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-28T13:19:39.906Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2."}, {"lang": "es", "value": "veraPDF-library es una librer\u00eda de validaci\u00f3n de PDF/A. La ejecuci\u00f3n de comprobaciones de pol\u00edticas utilizando archivos de esquema personalizados invoca una transformaci\u00f3n XSL que podr\u00eda provocar una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE). Esta vulnerabilidad se solucion\u00f3 en 1.24.2."}], "id": "CVE-2024-28109", "lastModified": "2024-11-21T09:05:50.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-28T14:15:13.863", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb"}, {"source": "security-advisories@github.com", "url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f"}, {"source": "security-advisories@github.com", "url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe"}, {"source": "security-advisories@github.com", "url": "https://github.com/veraPDF/veraPDF-library/issues/1415"}, {"source": "security-advisories@github.com", "url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/veraPDF/veraPDF-library/issues/1415"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-91"}], "source": "security-advisories@github.com", "type": "Secondary"}]}