How severe is CVE-2024-52800?

This vulnerability has a severity rating of LOW with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-52800?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2024-52800 - LOW Severity | CVSS N/A

Vulnerability Description

veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available.

Related Vulnerabilities

CVE-2015-9280

CRITICAL

CVSS:10.0(Critical)

MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.

CWE-6112015

CVE-2017-7664

CRITICAL

CVSS:10.0(Critical)

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.

CWE-6112017

CVE-2017-8110

CRITICAL

CVSS:10.0(Critical)

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.

CWE-6112017

CVE-2018-1000124

CRITICAL

CVSS:10.0(Critical)

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the c...

CWE-6112018

CVE-2018-1000644

CRITICAL

CVSS:10.0(Critical)

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of ser...

CWE-6112018

CVE-2018-1000651

CRITICAL

CVSS:10.0(Critical)

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning...

CWE-6112018