
CVE-2024-52800 PoC — Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI

Source
Associated Vulnerability
Title: Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI (CVE-2024-52800)
Description: veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available.
Description
GHSA-4cx5-89vm-833x/CVE-2024-52800
Readme
# GHSA-4cx5-89vm-833x-POC
GHSA-4cx5-89vm-833x/CVE-2024-52800

For POC details, please check https://github.com/veraPDF/veraPDF-library/issues/1488
File Snapshot

[4.0K] /data/pocs/4e4217e3cec5f1151bbc24044cb039168a9e49af
└── [ 144] README.md

0 directories, 1 file