Vulnerability	Vulnerable Version
H XML External Entity (XXE) Injection Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the CLI when executing policy checks using custom schematron files due to improper parsing of policyfile in the `mergeEnabledFeaturesFromPolicy` function. An attacker can execute arbitrary code by injecting malicious XSLT code into the policy files. How to fix XML External Entity (XXE) Injection? Upgrade `org.verapdf:core-jakarta` to version 1.26.2 or higher.	[,1.26.2)
H XML Injection Affected versions of this package are vulnerable to XML Injection via executing policy checks using custom schematron files which invokes an XSL transformation. An attacker can execute arbitrary code remotely by crafting malicious schematron files. How to fix XML Injection? Upgrade `org.verapdf:core-jakarta` to version 1.24.2 or higher.	[0,1.24.2)

XML External Entity (XXE) Injection

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the CLI when executing policy checks using custom schematron files due to improper parsing of policyfile in the mergeEnabledFeaturesFromPolicy function. An attacker can execute arbitrary code by injecting malicious XSLT code into the policy files.

How to fix XML External Entity (XXE) Injection?

Upgrade org.verapdf:core-jakarta to version 1.26.2 or higher.

[,1.26.2)

XML Injection

Affected versions of this package are vulnerable to XML Injection via executing policy checks using custom schematron files which invokes an XSL transformation. An attacker can execute arbitrary code remotely by crafting malicious schematron files.

How to fix XML Injection?

Upgrade org.verapdf:core-jakarta to version 1.24.2 or higher.

[0,1.24.2)

Go back to all versions of this package