{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39632?format=json","vulnerability_id":"VCID-z2gc-wz64-43a9","summary":"veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.","aliases":[{"alias":"CVE-2024-28109"},{"alias":"GHSA-qxqf-2mfx-x8jw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31504?format=json","purl":"pkg:maven/org.verapdf/core@1.24.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.24.2"},{"url":"http://public2.vulnerablecode.io/api/packages/31500?format=json","purl":"pkg:maven/org.verapdf/core-jakarta@1.24.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core-jakarta@1.24.2"},{"url":"http://public2.vulnerablecode.io/api/packages/31501?format=json","purl":"pkg:maven/org.verapdf/library@1.24.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/library@1.24.2"},{"url":"http://public2.vulnerablecode.io/api/packages/31507?format=json","purl":"pkg:maven/org.verapdf/library-arlington@1.25.127","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/library-arlington@1.25.127"},{"url":"http://public2.vulnerablecode.io/api/packages/31502?format=json","purl":"pkg:maven/org.verapdf/library-jakarta@1.24.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/library-jakarta@1.24.2"},{"url":"http://public2.vulnerablecode.io/api/packages/31506?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.24.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.24.2"},{"url":"http://public2.vulnerablecode.io/api/packages/31499?format=json","purl":"pkg:maven/org.verapdf/verapdf-library-jakarta@1.24.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library-jakarta@1.24.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/718497?format=json","purl":"pkg:maven/org.verapdf/core@1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718498?format=json","purl":"pkg:maven/org.verapdf/core@1.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718499?format=json","purl":"pkg:maven/org.verapdf/core@1.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/718500?format=json","purl":"pkg:maven/org.verapdf/core@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718501?format=json","purl":"pkg:maven/org.verapdf/core@1.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718502?format=json","purl":"pkg:maven/org.verapdf/core@1.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.10.2"},{"url":"http://public2.vulnerablecode.io/api/packages/718503?format=json","purl":"pkg:maven/org.verapdf/core@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/718504?format=json","purl":"pkg:maven/org.verapdf/core@1.12.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.12.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718505?format=json","purl":"pkg:maven/org.verapdf/core@1.14.1-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.1-RC"},{"url":"http://public2.vulnerablecode.io/api/packages/718506?format=json","purl":"pkg:maven/org.verapdf/core@1.14.2-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.2-RC"},{"url":"http://public2.vulnerablecode.io/api/packages/718507?format=json","purl":"pkg:maven/org.verapdf/core@1.14.3-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.3-RC"},{"url":"http://public2.vulnerablecode.io/api/packages/718508?format=json","purl":"pkg:maven/org.verapdf/core@1.14.6-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.6-RC"},{"url":"http://public2.vulnerablecode.io/api/packages/718509?format=json","purl":"pkg:maven/org.verapdf/core@1.14.100","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.100"},{"url":"http://public2.vulnerablecode.io/api/packages/718510?format=json","purl":"pkg:maven/org.verapdf/core@1.14.101","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.101"},{"url":"http://public2.vulnerablecode.io/api/packages/718511?format=json","purl":"pkg:maven/org.verapdf/core@1.14.102","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.102"},{"url":"http://public2.vulnerablecode.io/api/packages/718512?format=json","purl":"pkg:maven/org.verapdf/core@1.14.103","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.103"},{"url":"http://public2.vulnerablecode.io/api/packages/718513?format=json","purl":"pkg:maven/org.verapdf/core@1.14.105","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.14.105"},{"url":"http://public2.vulnerablecode.io/api/packages/718514?format=json","purl":"pkg:maven/org.verapdf/core@1.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.16.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718515?format=json","purl":"pkg:maven/org.verapdf/core@1.18.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.18.2"},{"url":"http://public2.vulnerablecode.io/api/packages/718516?format=json","purl":"pkg:maven/org.verapdf/core@1.18.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.18.3"},{"url":"http://public2.vulnerablecode.io/api/packages/718517?format=json","purl":"pkg:maven/org.verapdf/core@1.18.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.18.11"},{"url":"http://public2.vulnerablecode.io/api/packages/718518?format=json","purl":"pkg:maven/org.verapdf/core@1.20.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.20.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718519?format=json","purl":"pkg:maven/org.verapdf/core@1.20.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.20.2"},{"url":"http://public2.vulnerablecode.io/api/packages/718520?format=json","purl":"pkg:maven/org.verapdf/core@1.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718521?format=json","purl":"pkg:maven/org.verapdf/core@1.22.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.22.2"},{"url":"http://public2.vulnerablecode.io/api/packages/718522?format=json","purl":"pkg:maven/org.verapdf/core@1.24.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core@1.24.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718548?format=json","purl":"pkg:maven/org.verapdf/core-jakarta@1.24.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/core-jakarta@1.24.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718523?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718524?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/718525?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718526?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718527?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.10.2"},{"url":"http://public2.vulnerablecode.io/api/packages/718528?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/718529?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.12.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.12.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718530?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.14.1-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.1-RC"},{"url":"http://public2.vulnerablecode.io/api/packages/718531?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.14.2-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.2-RC"},{"url":"http://public2.vulnerablecode.io/api/packages/718532?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.14.3-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.3-RC"},{"url":"http://public2.vulnerablecode.io/api/packages/718533?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.14.6-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.6-RC"},{"url":"http://public2.vulnerablecode.io/api/packages/718534?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.14.100","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.100"},{"url":"http://public2.vulnerablecode.io/api/packages/718535?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.14.101","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.101"},{"url":"http://public2.vulnerablecode.io/api/packages/718536?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.14.102","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.102"},{"url":"http://public2.vulnerablecode.io/api/packages/718537?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.14.103","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.103"},{"url":"http://public2.vulnerablecode.io/api/packages/718538?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.14.105","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.14.105"},{"url":"http://public2.vulnerablecode.io/api/packages/718539?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.16.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718540?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.18.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.18.2"},{"url":"http://public2.vulnerablecode.io/api/packages/718541?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.18.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.18.3"},{"url":"http://public2.vulnerablecode.io/api/packages/718542?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.18.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.18.11"},{"url":"http://public2.vulnerablecode.io/api/packages/718543?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.20.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.20.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718544?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.20.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.20.2"},{"url":"http://public2.vulnerablecode.io/api/packages/718545?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718546?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.22.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.22.2"},{"url":"http://public2.vulnerablecode.io/api/packages/718547?format=json","purl":"pkg:maven/org.verapdf/verapdf-library@1.24.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library@1.24.1"},{"url":"http://public2.vulnerablecode.io/api/packages/718496?format=json","purl":"pkg:maven/org.verapdf/verapdf-library-jakarta@1.24.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n46z-6pyx-8uhd"},{"vulnerability":"VCID-z2gc-wz64-43a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.verapdf/verapdf-library-jakarta@1.24.1"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28109","reference_id":"","reference_type":"","scores":[{"value":"0.01159","scoring_system":"epss","scoring_elements":"0.78993","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28109"},{"reference_url":"https://github.com/veraPDF/veraPDF-library","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/veraPDF/veraPDF-library"},{"reference_url":"https://github.com/veraPDF/veraPDF-library/issues/1415","reference_id":"1415","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T17:57:42Z/"}],"url":"https://github.com/veraPDF/veraPDF-library/issues/1415"},{"reference_url":"https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb","reference_id":"614ffa477a2cf0819e4b0df1ab133610e0da25fb","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T17:57:42Z/"}],"url":"https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb"},{"reference_url":"https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f","reference_id":"9386ecbe1a1d1fb9e886d19df28851ed07890d9f","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T17:57:42Z/"}],"url":"https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28109","reference_id":"CVE-2024-28109","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28109"},{"reference_url":"https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe","reference_id":"d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T17:57:42Z/"}],"url":"https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe"},{"reference_url":"https://github.com/advisories/GHSA-qxqf-2mfx-x8jw","reference_id":"GHSA-qxqf-2mfx-x8jw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qxqf-2mfx-x8jw"},{"reference_url":"https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw","reference_id":"GHSA-qxqf-2mfx-x8jw","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T17:57:42Z/"}],"url":"https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw"}],"weaknesses":[{"cwe_id":91,"name":"XML Injection (aka Blind XPath Injection)","description":"The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z2gc-wz64-43a9"}