Authentication Bypass Affecting org.apache.pdfbox:pdfbox package, versions [,1.8.13) [2.0.0,2.0.2)
Snyk CVSS
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGAPACHEPDFBOX-30694
- published 6 May 2016
- disclosed 6 May 2016
- credit Joe Ye
How to fix?
Upgrade org.apache.pdfbox:pdfbox
to versions 1.8.13 ,2.0.2 or higher.
Overview
org.apache.pdfbox:pdfbox
Affected versions of the package are vulnerable to Authentication Bypass. The ReadOnly
permissions are not called in the StandardSecurityHandler
, allowing all users to edit the PDF file although the are not the owners.