Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Upgrade com.itextpdf:sign to version 7.1.5 or higher.
com.itextpdf:sign is an itext7 sign package, used as part of the itext7 PDF parsing library.
Affected versions of this package are vulnerable to Insufficient Signature Validation. It is possible to bypass the signature checker feature within itext7 due to insufficient validation of the whole PDF document.
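The following is an added example, not Snyk's or iText's code: a defender-side check that the signed byte range of a PDF covers the whole file. The advisory does not describe the bypass mechanism, so treating "validation of the whole PDF document" as a `/ByteRange` coverage check is an assumption, as are the function names and the constructed sample file.

```python
import re

# /ByteRange [a b c d]: bytes a..a+b and c..c+d are signed; the gap holds /Contents.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def coverage_problems(pdf: bytes) -> list:
    """Return reasons why the last /ByteRange does not cover the whole file.

    Simplification (assumption): only the last /ByteRange in file order is
    checked. No cryptographic verification is performed here.
    """
    matches = list(BYTE_RANGE.finditer(pdf))
    if not matches:
        return ["no /ByteRange found"]
    a, b, c, d = (int(x) for x in matches[-1].groups())
    problems = []
    if a != 0:
        problems.append("signed range does not start at byte 0")
    if c + d != len(pdf):
        problems.append(f"signed range ends at byte {c + d}, file has {len(pdf)} bytes")
    # The only unsigned region allowed is the hex string holding the signature.
    if not re.fullmatch(rb"<[0-9A-Fa-f]*>", pdf[a + b:c]):
        problems.append("gap between signed segments is not a single hex string")
    return problems


def build_sample(trailing: bytes = b"") -> bytes:
    """Constructed, PDF-like sample with a self-consistent /ByteRange."""
    template = (b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig "
                b"/ByteRange [0 %010d %010d %010d] /Contents ")
    contents = b"<" + b"00" * 16 + b">"   # placeholder signature bytes
    tail = b" >>\nendobj\n%%EOF\n"
    head_len = len(template % (0, 0, 0))  # fixed-width fields keep this stable
    head = template % (head_len, head_len + len(contents), len(tail))
    return head + contents + tail + trailing


if __name__ == "__main__":
    print(coverage_problems(build_sample()))                      # fully covered
    print(coverage_problems(build_sample(b"\n% appended data")))  # unsigned tail
```

A file that passes this check still needs its signature verified cryptographically; the check only reports content lying outside the signed range.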