veraPDF has potential XSLT injection vulnerability when using policy files
Executing policy checks using custom schematron files invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability.
Advisories for Maven/Org.verapdf/Core-Jakarta package
2024