Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-z2gc-wz64-43a9

Summary veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.

Aliases

alias	CVE-2024-28109

alias	GHSA-qxqf-2mfx-x8jw

Fixed_packages

url pkg:maven/org.verapdf/core@1.24.2

purl pkg:maven/org.verapdf/core@1.24.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.24.2

url pkg:maven/org.verapdf/core-jakarta@1.24.2

purl pkg:maven/org.verapdf/core-jakarta@1.24.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core-jakarta@1.24.2

url	pkg:maven/org.verapdf/library@1.24.2
purl	pkg:maven/org.verapdf/library@1.24.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/library@1.24.2

url	pkg:maven/org.verapdf/library-arlington@1.25.127
purl	pkg:maven/org.verapdf/library-arlington@1.25.127
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/library-arlington@1.25.127

url	pkg:maven/org.verapdf/library-jakarta@1.24.2
purl	pkg:maven/org.verapdf/library-jakarta@1.24.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/library-jakarta@1.24.2

url pkg:maven/org.verapdf/verapdf-library@1.24.2

purl pkg:maven/org.verapdf/verapdf-library@1.24.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.24.2

url pkg:maven/org.verapdf/verapdf-library-jakarta@1.24.2

purl pkg:maven/org.verapdf/verapdf-library-jakarta@1.24.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library-jakarta@1.24.2

Affected_packages

url pkg:maven/org.verapdf/core@1.4.1

purl pkg:maven/org.verapdf/core@1.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.4.1

url pkg:maven/org.verapdf/core@1.6.1

purl pkg:maven/org.verapdf/core@1.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.6.1

url pkg:maven/org.verapdf/core@1.6.2

purl pkg:maven/org.verapdf/core@1.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.6.2

url pkg:maven/org.verapdf/core@1.8.1

purl pkg:maven/org.verapdf/core@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.8.1

url pkg:maven/org.verapdf/core@1.10.1

purl pkg:maven/org.verapdf/core@1.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.10.1

url pkg:maven/org.verapdf/core@1.10.2

purl pkg:maven/org.verapdf/core@1.10.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.10.2

url pkg:maven/org.verapdf/core@1.10.3

purl pkg:maven/org.verapdf/core@1.10.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.10.3

url pkg:maven/org.verapdf/core@1.12.1

purl pkg:maven/org.verapdf/core@1.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.12.1

url pkg:maven/org.verapdf/core@1.14.1-RC

purl pkg:maven/org.verapdf/core@1.14.1-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.1-RC

url pkg:maven/org.verapdf/core@1.14.2-RC

purl pkg:maven/org.verapdf/core@1.14.2-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.2-RC

url pkg:maven/org.verapdf/core@1.14.3-RC

purl pkg:maven/org.verapdf/core@1.14.3-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.3-RC

url pkg:maven/org.verapdf/core@1.14.6-RC

purl pkg:maven/org.verapdf/core@1.14.6-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.6-RC

url pkg:maven/org.verapdf/core@1.14.100

purl pkg:maven/org.verapdf/core@1.14.100

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.100

url pkg:maven/org.verapdf/core@1.14.101

purl pkg:maven/org.verapdf/core@1.14.101

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.101

url pkg:maven/org.verapdf/core@1.14.102

purl pkg:maven/org.verapdf/core@1.14.102

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.102

url pkg:maven/org.verapdf/core@1.14.103

purl pkg:maven/org.verapdf/core@1.14.103

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.103

url pkg:maven/org.verapdf/core@1.14.105

purl pkg:maven/org.verapdf/core@1.14.105

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.105

url pkg:maven/org.verapdf/core@1.16.1

purl pkg:maven/org.verapdf/core@1.16.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.16.1

url pkg:maven/org.verapdf/core@1.18.2

purl pkg:maven/org.verapdf/core@1.18.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.18.2

url pkg:maven/org.verapdf/core@1.18.3

purl pkg:maven/org.verapdf/core@1.18.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.18.3

url pkg:maven/org.verapdf/core@1.18.11

purl pkg:maven/org.verapdf/core@1.18.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.18.11

url pkg:maven/org.verapdf/core@1.20.1

purl pkg:maven/org.verapdf/core@1.20.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.20.1

url pkg:maven/org.verapdf/core@1.20.2

purl pkg:maven/org.verapdf/core@1.20.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.20.2

url pkg:maven/org.verapdf/core@1.22.1

purl pkg:maven/org.verapdf/core@1.22.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.22.1

url pkg:maven/org.verapdf/core@1.22.2

purl pkg:maven/org.verapdf/core@1.22.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.22.2

url pkg:maven/org.verapdf/core@1.24.1

purl pkg:maven/org.verapdf/core@1.24.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.24.1

url pkg:maven/org.verapdf/core-jakarta@1.24.1

purl pkg:maven/org.verapdf/core-jakarta@1.24.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core-jakarta@1.24.1

url pkg:maven/org.verapdf/verapdf-library@1.4.1

purl pkg:maven/org.verapdf/verapdf-library@1.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.4.1

url pkg:maven/org.verapdf/verapdf-library@1.6.2

purl pkg:maven/org.verapdf/verapdf-library@1.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.6.2

url pkg:maven/org.verapdf/verapdf-library@1.8.1

purl pkg:maven/org.verapdf/verapdf-library@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.8.1

url pkg:maven/org.verapdf/verapdf-library@1.10.1

purl pkg:maven/org.verapdf/verapdf-library@1.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.10.1

url pkg:maven/org.verapdf/verapdf-library@1.10.2

purl pkg:maven/org.verapdf/verapdf-library@1.10.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.10.2

url pkg:maven/org.verapdf/verapdf-library@1.10.3

purl pkg:maven/org.verapdf/verapdf-library@1.10.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.10.3

url pkg:maven/org.verapdf/verapdf-library@1.12.1

purl pkg:maven/org.verapdf/verapdf-library@1.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.12.1

url pkg:maven/org.verapdf/verapdf-library@1.14.1-RC

purl pkg:maven/org.verapdf/verapdf-library@1.14.1-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.1-RC

url pkg:maven/org.verapdf/verapdf-library@1.14.2-RC

purl pkg:maven/org.verapdf/verapdf-library@1.14.2-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.2-RC

url pkg:maven/org.verapdf/verapdf-library@1.14.3-RC

purl pkg:maven/org.verapdf/verapdf-library@1.14.3-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.3-RC

url pkg:maven/org.verapdf/verapdf-library@1.14.6-RC

purl pkg:maven/org.verapdf/verapdf-library@1.14.6-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.6-RC

url pkg:maven/org.verapdf/verapdf-library@1.14.100

purl pkg:maven/org.verapdf/verapdf-library@1.14.100

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.100

url pkg:maven/org.verapdf/verapdf-library@1.14.101

purl pkg:maven/org.verapdf/verapdf-library@1.14.101

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.101

url pkg:maven/org.verapdf/verapdf-library@1.14.102

purl pkg:maven/org.verapdf/verapdf-library@1.14.102

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.102

url pkg:maven/org.verapdf/verapdf-library@1.14.103

purl pkg:maven/org.verapdf/verapdf-library@1.14.103

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.103

url pkg:maven/org.verapdf/verapdf-library@1.14.105

purl pkg:maven/org.verapdf/verapdf-library@1.14.105

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.105

url pkg:maven/org.verapdf/verapdf-library@1.16.1

purl pkg:maven/org.verapdf/verapdf-library@1.16.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.16.1

url pkg:maven/org.verapdf/verapdf-library@1.18.2

purl pkg:maven/org.verapdf/verapdf-library@1.18.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.18.2

url pkg:maven/org.verapdf/verapdf-library@1.18.3

purl pkg:maven/org.verapdf/verapdf-library@1.18.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.18.3

url pkg:maven/org.verapdf/verapdf-library@1.18.11

purl pkg:maven/org.verapdf/verapdf-library@1.18.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.18.11

url pkg:maven/org.verapdf/verapdf-library@1.20.1

purl pkg:maven/org.verapdf/verapdf-library@1.20.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.20.1

url pkg:maven/org.verapdf/verapdf-library@1.20.2

purl pkg:maven/org.verapdf/verapdf-library@1.20.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.20.2

url pkg:maven/org.verapdf/verapdf-library@1.22.1

purl pkg:maven/org.verapdf/verapdf-library@1.22.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.22.1

url pkg:maven/org.verapdf/verapdf-library@1.22.2

purl pkg:maven/org.verapdf/verapdf-library@1.22.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.22.2

url pkg:maven/org.verapdf/verapdf-library@1.24.1

purl pkg:maven/org.verapdf/verapdf-library@1.24.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.24.1

url pkg:maven/org.verapdf/verapdf-library-jakarta@1.24.1

purl pkg:maven/org.verapdf/verapdf-library-jakarta@1.24.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n46z-6pyx-8uhd

vulnerability	VCID-z2gc-wz64-43a9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library-jakarta@1.24.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28109

reference_id

reference_type

scores

value	0.01159
scoring_system	epss
scoring_elements	0.78993
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28109

reference_url

https://github.com/veraPDF/veraPDF-library

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/veraPDF/veraPDF-library

reference_url

https://github.com/veraPDF/veraPDF-library/issues/1415

reference_id

1415

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T17:57:42Z/

url

https://github.com/veraPDF/veraPDF-library/issues/1415

reference_url

https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb

reference_id

614ffa477a2cf0819e4b0df1ab133610e0da25fb

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T17:57:42Z/

url

https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb

reference_url

https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f

reference_id

9386ecbe1a1d1fb9e886d19df28851ed07890d9f

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T17:57:42Z/

url

https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-28109

reference_id

CVE-2024-28109

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-28109

reference_url

https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe

reference_id

d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T17:57:42Z/

url

https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe

reference_url

https://github.com/advisories/GHSA-qxqf-2mfx-x8jw

reference_id

GHSA-qxqf-2mfx-x8jw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qxqf-2mfx-x8jw

reference_url

https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw

reference_id

GHSA-qxqf-2mfx-x8jw

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T17:57:42Z/

url

https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw

Weaknesses

cwe_id	91
name	XML Injection (aka Blind XPath Injection)
description	The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z2gc-wz64-43a9

Vulnerability Instance