veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability.
Advisories for Maven/Org.verapdf/Core-Jakarta package
2024
veraPDF has potential XSLT injection vulnerability when using policy files
Executing policy checks using custom schematron files invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability.