CVE-2024-28109
- Source
- https://cve.org/CVERecord?id=CVE-2024-28109
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28109.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-28109
- Aliases
- Published
- 2024-03-28T13:19:39.906Z
- Modified
- 2026-04-12T09:49:31.440427Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- Potential XSLT injection vulnerability when using policy files
- Details
-
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-91" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28109.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28109.json
- https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw
- https://nvd.nist.gov/vuln/detail/CVE-2024-28109
- https://github.com/veraPDF/veraPDF-library/issues/1415
- https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb
- https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f
- https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe
Affected packages
Git / github.com/verapdf/verapdf-library
Affected ranges
- Type
- GIT
- Repo
- https://github.com/verapdf/verapdf-library
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/verapdf/verapdf-library
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/verapdf/verapdf-library
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/verapdf/verapdf-library
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/verapdf/verapdf-library
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/verapdf/verapdf-library
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
b
b191
b192
b193
b194
b195
b196
b197
b198
b199
b200
b201
b203
b204
b205
b206
b208
b209
b210
b211
b212
b213
b214
b215
b216
b217
b218
b219
b220
b221
b222
b223
b225
b226
b227
b228
b229
b230
b35
b36
b37
b38
b39
b40
d
d0.*
d0.11.101
d0.11.102
d0.11.103
d0.11.105
d0.11.106
d0.11.107
d0.11.108
d0.11.109
d0.11.110
d0.11.111
d0.11.112
d0.11.113
d0.11.114
d0.11.115
d0.11.116
d0.11.117
d0.11.118
d0.11.119
d0.11.120
d0.11.121
d0.11.122
d0.11.123
d0.11.124
d0.11.125
d0.11.126
d0.11.127
d0.11.128
d0.11.129
d0.11.130
d0.11.131
d0.11.132
d0.11.133
d0.11.134
d0.11.135
d0.11.136
d0.11.137
d0.13.1
d0.13.10
d0.13.11
d0.13.12
d0.13.2
d0.13.3
d0.13.4
d0.13.5
d0.13.6
d0.13.7
d0.13.8
d0.13.9
d0.15.1
d0.15.10
d0.15.11
d0.15.12
d0.15.13
d0.15.14
d0.15.15
d0.15.16
d0.15.17
d0.15.2
d0.15.3
d0.15.4
d0.15.5
d0.15.6
d0.15.7
d0.15.8
d0.15.9
d0.17.1
d0.17.10
d0.17.11
d0.17.12
d0.17.13
d0.17.14
d0.17.15
d0.17.16
d0.17.17
d0.17.18
d0.17.19
d0.17.2
d0.17.20
d0.17.21
d0.17.3
d0.17.4
d0.17.5
d0.17.6
d0.17.7
d0.17.8
d0.17.9
d0.19.1
d0.19.2
d0.19.5
d0.19.6
d0.21.1
d0.21.2
d0.21.3
d0.21.4
d0.23.1
d0.23.2
d0.23.3
d0.23.4
d0.23.5
d0.23.6
d0.23.7
d0.25.1
d0.25.10
d0.25.11
d0.25.12
d0.25.13
d0.25.14
d0.25.15
d0.25.16
d0.25.17
d0.25.18
d0.25.19
d0.25.2
d0.25.20
d0.25.3
d0.25.4
d0.25.5
d0.25.6
d0.25.7
d0.25.8
d0.25.9
d0.27.1
d0.27.10
d0.27.11
d0.27.12
d0.27.13
d0.27.14
d0.27.15
d0.27.16
d0.27.17
d0.27.18
d0.27.19
d0.27.2
d0.27.20
d0.27.21
d0.27.22
d0.27.23
d0.27.24
d0.27.25
d0.27.3
d0.27.4
d0.27.5
d0.27.6
d0.27.7
d0.27.8
d0.27.9
d0.29.1
d0.29.3
d0.29.4
d0.29.5
d0.3.0
d0.3.10
d0.3.100
d0.3.101
d0.3.102
d0.3.103
d0.3.104
d0.3.105
d0.3.106
d0.3.107
d0.3.108
d0.3.109
d0.3.11
d0.3.110
d0.3.111
d0.3.112
d0.3.113
d0.3.114
d0.3.115
d0.3.116
d0.3.117
d0.3.118
d0.3.119
d0.3.12
d0.3.120
d0.3.121
d0.3.122
d0.3.123
d0.3.124
d0.3.125
d0.3.126
d0.3.127
d0.3.129
d0.3.13
d0.3.130
d0.3.131
d0.3.14
d0.3.15
d0.3.158
d0.3.159
d0.3.16
d0.3.160
d0.3.161
d0.3.162
d0.3.163
d0.3.164
d0.3.165
d0.3.166
d0.3.167
d0.3.168
d0.3.169
d0.3.17
d0.3.170
d0.3.171
d0.3.172
d0.3.173
d0.3.174
d0.3.175
d0.3.176
d0.3.177
d0.3.19
d0.3.2
d0.3.23
d0.3.24
d0.3.25
d0.3.26
d0.3.27
d0.3.3
d0.3.30
d0.3.31
d0.3.32
d0.3.33
d0.3.34
d0.3.35
d0.3.36
d0.3.37
d0.3.4
d0.3.40
d0.3.41
d0.3.42
d0.3.43
d0.3.44
d0.3.45
d0.3.46
d0.3.47
d0.3.48
d0.3.49
d0.3.5
d0.3.53
d0.3.57
d0.3.58
d0.3.59
d0.3.6
d0.3.60
d0.3.61
d0.3.62
d0.3.63
d0.3.64
d0.3.65
d0.3.66
d0.3.67
d0.3.68
d0.3.69
d0.3.7
d0.3.70
d0.3.71
d0.3.72
d0.3.73
d0.3.74
d0.3.75
d0.3.76
d0.3.77
d0.3.78
d0.3.79
d0.3.8
d0.3.80
d0.3.81
d0.3.82
d0.3.83
d0.3.84
d0.3.85
d0.3.86
d0.3.87
d0.3.88
d0.3.89
d0.3.9
d0.3.90
d0.3.91
d0.3.92
d0.3.93
d0.3.94
d0.3.95
d0.3.96
d0.3.97
d0.3.98
d0.3.99
d0.5.10
d0.5.11
d0.5.12
d0.5.13
d0.5.14
d0.5.15
d0.5.16
d0.5.17
d0.5.18
d0.5.19
d0.5.2
d0.5.20
d0.5.21
d0.5.22
d0.5.23
d0.5.24
d0.5.25
d0.5.26
d0.5.27
d0.5.28
d0.5.29
d0.5.3
d0.5.30
d0.5.31
d0.5.32
d0.5.33
d0.5.34
d0.5.35
d0.5.36
d0.5.37
d0.5.38
d0.5.39
d0.5.4
d0.5.40
d0.5.41
d0.5.42
d0.5.43
d0.5.44
d0.5.45
d0.5.46
d0.5.47
d0.5.49
d0.5.5
d0.5.50
d0.5.51
d0.5.52
d0.5.53
d0.5.54
d0.5.55
d0.5.56
d0.5.57
d0.5.58
d0.5.59
d0.5.6
d0.5.60
d0.5.61
d0.5.62
d0.5.63
d0.5.64
d0.5.65
d0.5.66
d0.5.67
d0.5.68
d0.5.69
d0.5.7
d0.5.70
d0.5.8
d0.5.9
d0.7.1
d0.7.10
d0.7.11
d0.7.12
d0.7.13
d0.7.14
d0.7.15
d0.7.16
d0.7.17
d0.7.18
d0.7.19
d0.7.2
d0.7.20
d0.7.21
d0.7.22
d0.7.23
d0.7.24
d0.7.25
d0.7.26
d0.7.27
d0.7.28
d0.7.29
d0.7.3
d0.7.30
d0.7.31
d0.7.32
d0.7.33
d0.7.34
d0.7.35
d0.7.36
d0.7.37
d0.7.38
d0.7.39
d0.7.4
d0.7.40
d0.7.41
d0.7.42
d0.7.43
d0.7.44
d0.7.45
d0.7.46
d0.7.47
d0.7.48
d0.7.49
d0.7.5
d0.7.50
d0.7.51
d0.7.52
d0.7.6
d0.7.7
d0.7.8
d0.7.9
d0.9.10
d0.9.11
d0.9.12
d0.9.13
d0.9.14
d0.9.15
d0.9.16
d0.9.17
d0.9.18
d0.9.2
d0.9.26
d0.9.27
d0.9.28
d0.9.29
d0.9.3
d0.9.30
d0.9.31
d0.9.32
d0.9.33
d0.9.34
d0.9.35
d0.9.36
d0.9.37
d0.9.38
d0.9.39
d0.9.4
d0.9.5
d0.9.6
d0.9.7
d0.9.9
d1.*
d1.1.1
d1.1.2
d1.1.3
d1.1.4
d1.1.5
d1.1.6
d1.1.7
d1.1.8
d1.1.9
d1.11.1
d1.11.2
d1.11.3
d1.11.4
d1.11.5
d1.11.6
d1.11.7
d1.11.8
d1.13.1
d1.13.10
d1.13.2
d1.13.3
d1.13.4
d1.13.5
d1.13.6
d1.13.7
d1.13.8
d1.13.9
d1.3.10
d1.3.11
d1.3.12
d1.3.13
d1.3.14
d1.3.15
d1.3.16
d1.3.17
d1.3.18
d1.3.19
d1.3.2
d1.3.20
d1.3.21
d1.3.22
d1.3.23
d1.3.24
d1.3.3
d1.3.4
d1.3.5
d1.3.6
d1.3.7
d1.3.8
d1.3.9
d1.5.1
d1.5.10
d1.5.11
d1.5.12
d1.5.13
d1.5.14
d1.5.15
d1.5.16
d1.5.17
d1.5.2
d1.5.3
d1.5.4
d1.5.5
d1.5.6
d1.5.7
d1.5.8
d1.5.9
d1.7.1
d1.7.10
d1.7.11
d1.7.12
d1.7.13
d1.7.14
d1.7.15
d1.7.16
d1.7.17
d1.7.2
d1.7.20
d1.7.21
d1.7.22
d1.7.23
d1.7.24
d1.7.25
d1.7.26
d1.7.27
d1.7.28
d1.7.29
d1.7.3
d1.7.30
d1.7.31
d1.7.32
d1.7.33
d1.7.34
d1.7.35
d1.7.36
d1.7.37
d1.7.4
d1.7.5
d1.7.6
d1.7.7
d1.7.8
d1.7.9
d1.9.1
d1.9.10
d1.9.11
d1.9.12
d1.9.13
d1.9.14
d1.9.2
d1.9.3
d1.9.4
d1.9.5
d1.9.6
d1.9.7
d1.9.8
d1.9.9
jakarta-v1.*
jakarta-v1.23.10
jakarta-v1.23.11
jakarta-v1.23.12
jakarta-v1.23.13
jakarta-v1.23.14
jakarta-v1.23.15
jakarta-v1.23.16
jakarta-v1.23.17
jakarta-v1.23.18
jakarta-v1.23.19
jakarta-v1.23.20
jakarta-v1.23.21
jakarta-v1.23.22
jakarta-v1.23.23
jakarta-v1.23.3
jakarta-v1.23.4
jakarta-v1.23.5
jakarta-v1.23.6
jakarta-v1.23.7
jakarta-v1.23.8
jakarta-v1.23.9
jakarta-v1.25.1
jakarta-v1.25.10
jakarta-v1.25.100
jakarta-v1.25.101
jakarta-v1.25.102
jakarta-v1.25.103
jakarta-v1.25.104
jakarta-v1.25.105
jakarta-v1.25.106
jakarta-v1.25.107
jakarta-v1.25.108
jakarta-v1.25.109
jakarta-v1.25.11
jakarta-v1.25.110
jakarta-v1.25.111
jakarta-v1.25.112
jakarta-v1.25.113
jakarta-v1.25.114
jakarta-v1.25.115
jakarta-v1.25.116
jakarta-v1.25.117
jakarta-v1.25.118
jakarta-v1.25.119
jakarta-v1.25.12
jakarta-v1.25.120
jakarta-v1.25.121
jakarta-v1.25.123
jakarta-v1.25.124
jakarta-v1.25.125
jakarta-v1.25.126
jakarta-v1.25.13
jakarta-v1.25.14
jakarta-v1.25.15
jakarta-v1.25.16
jakarta-v1.25.17
jakarta-v1.25.2
jakarta-v1.25.20
jakarta-v1.25.21
jakarta-v1.25.22
jakarta-v1.25.23
jakarta-v1.25.24
jakarta-v1.25.25
jakarta-v1.25.26
jakarta-v1.25.27
jakarta-v1.25.29
jakarta-v1.25.3
jakarta-v1.25.30
jakarta-v1.25.31
jakarta-v1.25.32
jakarta-v1.25.33
jakarta-v1.25.34
jakarta-v1.25.35
jakarta-v1.25.37
jakarta-v1.25.38
jakarta-v1.25.4
jakarta-v1.25.40
jakarta-v1.25.41
jakarta-v1.25.42
jakarta-v1.25.43
jakarta-v1.25.44
jakarta-v1.25.45
jakarta-v1.25.46
jakarta-v1.25.47
jakarta-v1.25.48
jakarta-v1.25.49
jakarta-v1.25.5
jakarta-v1.25.50
jakarta-v1.25.51
jakarta-v1.25.52
jakarta-v1.25.53
jakarta-v1.25.54
jakarta-v1.25.55
jakarta-v1.25.56
jakarta-v1.25.57
jakarta-v1.25.58
jakarta-v1.25.59
jakarta-v1.25.6
jakarta-v1.25.60
jakarta-v1.25.61
jakarta-v1.25.62
jakarta-v1.25.63
jakarta-v1.25.64
jakarta-v1.25.65
jakarta-v1.25.66
jakarta-v1.25.67
jakarta-v1.25.68
jakarta-v1.25.69
jakarta-v1.25.7
jakarta-v1.25.70
jakarta-v1.25.71
jakarta-v1.25.72
jakarta-v1.25.73
jakarta-v1.25.74
jakarta-v1.25.75
jakarta-v1.25.76
jakarta-v1.25.77
jakarta-v1.25.78
jakarta-v1.25.79
jakarta-v1.25.8
jakarta-v1.25.80
jakarta-v1.25.81
jakarta-v1.25.82
jakarta-v1.25.83
jakarta-v1.25.84
jakarta-v1.25.85
jakarta-v1.25.86
jakarta-v1.25.87
jakarta-v1.25.88
jakarta-v1.25.89
jakarta-v1.25.9
jakarta-v1.25.90
jakarta-v1.25.91
jakarta-v1.25.92
jakarta-v1.25.93
jakarta-v1.25.94
jakarta-v1.25.95
jakarta-v1.25.96
jakarta-v1.25.97
jakarta-v1.25.98
jakarta-v1.25.99
jenkins-veraPDF-library-0.*
jenkins-veraPDF-library-0.11-1
jenkins-veraPDF-library-0.11-100
jenkins-veraPDF-library-0.11-101
jenkins-veraPDF-library-0.11-102
jenkins-veraPDF-library-0.11-103
jenkins-veraPDF-library-0.11-105
jenkins-veraPDF-library-0.11-106
jenkins-veraPDF-library-0.11-107
jenkins-veraPDF-library-0.11-108
jenkins-veraPDF-library-0.11-109
jenkins-veraPDF-library-0.11-110
jenkins-veraPDF-library-0.11-111
jenkins-veraPDF-library-0.11-112
jenkins-veraPDF-library-0.11-113
jenkins-veraPDF-library-0.11-114
jenkins-veraPDF-library-0.11-115
jenkins-veraPDF-library-0.11-116
jenkins-veraPDF-library-0.11-117
jenkins-veraPDF-library-0.11-118
jenkins-veraPDF-library-0.11-119
jenkins-veraPDF-library-0.11-120
jenkins-veraPDF-library-0.11-121
jenkins-veraPDF-library-0.11-122
jenkins-veraPDF-library-0.11-123
jenkins-veraPDF-library-0.11-124
jenkins-veraPDF-library-0.11-125
jenkins-veraPDF-library-0.11-126
jenkins-veraPDF-library-0.11-127
jenkins-veraPDF-library-0.11-128
jenkins-veraPDF-library-0.11-129
jenkins-veraPDF-library-0.11-130
jenkins-veraPDF-library-0.11-131
jenkins-veraPDF-library-0.11-132
jenkins-veraPDF-library-0.11-133
jenkins-veraPDF-library-0.11-134
jenkins-veraPDF-library-0.11-135
jenkins-veraPDF-library-0.11-136
jenkins-veraPDF-library-0.11-137
jenkins-veraPDF-library-0.11-2
jenkins-veraPDF-library-0.11-3
jenkins-veraPDF-library-0.11-4
jenkins-veraPDF-library-0.11-5
jenkins-veraPDF-library-0.11-6
jenkins-veraPDF-library-0.11-7
jenkins-veraPDF-library-0.11-8
jenkins-veraPDF-library-0.13-1
jenkins-veraPDF-library-0.13-10
jenkins-veraPDF-library-0.13-11
jenkins-veraPDF-library-0.13-12
jenkins-veraPDF-library-0.13-2
jenkins-veraPDF-library-0.13-3
jenkins-veraPDF-library-0.13-4
jenkins-veraPDF-library-0.13-5
jenkins-veraPDF-library-0.13-6
jenkins-veraPDF-library-0.13-7
jenkins-veraPDF-library-0.13-8
jenkins-veraPDF-library-0.13-9
jenkins-veraPDF-library-0.15-1
jenkins-veraPDF-library-0.15-2
jenkins-veraPDF-library-0.15-3
jenkins-veraPDF-library-0.15-4
jenkins-veraPDF-library-0.15-5
jenkins-veraPDF-library-0.15-6
jenkins-veraPDF-library-0.15-7
v0.*
v0.11.100
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v1.*
v1.13.11
v1.15.10
v1.15.11
v1.15.12
v1.15.13
v1.15.14
v1.15.15
v1.15.17
v1.15.19
v1.15.2
v1.15.20
v1.15.3
v1.15.4
v1.15.7
v1.15.8
v1.15.9
v1.17.1
v1.17.10
v1.17.11
v1.17.12
v1.17.13
v1.17.14
v1.17.15
v1.17.16
v1.17.18
v1.17.2
v1.17.20
v1.17.21
v1.17.22
v1.17.23
v1.17.24
v1.17.25
v1.17.26
v1.17.27
v1.17.28
v1.17.29
v1.17.30
v1.17.31
v1.17.32
v1.17.33
v1.17.34
v1.17.4
v1.17.5
v1.17.6
v1.17.7
v1.17.8
v1.17.9
v1.19.1
v1.19.10
v1.19.11
v1.19.12
v1.19.13
v1.19.14
v1.19.15
v1.19.16
v1.19.17
v1.19.18
v1.19.19
v1.19.2
v1.19.20
v1.19.21
v1.19.22
v1.19.23
v1.19.24
v1.19.25
v1.19.26
v1.19.27
v1.19.28
v1.19.29
v1.19.3
v1.19.30
v1.19.31
v1.19.32
v1.19.34
v1.19.35
v1.19.36
v1.19.37
v1.19.38
v1.19.39
v1.19.4
v1.19.40
v1.19.41
v1.19.42
v1.19.43
v1.19.44
v1.19.45
v1.19.46
v1.19.47
v1.19.48
v1.19.49
v1.19.5
v1.19.50
v1.19.51
v1.19.52
v1.19.53
v1.19.54
v1.19.55
v1.19.56
v1.19.57
v1.19.58
v1.19.59
v1.19.6
v1.19.60
v1.19.61
v1.19.62
v1.19.63
v1.19.64
v1.19.65
v1.19.66
v1.19.67
v1.19.8
v1.19.9
v1.21.1
v1.21.10
v1.21.11
v1.21.12
v1.21.13
v1.21.14
v1.21.15
v1.21.16
v1.21.17
v1.21.18
v1.21.19
v1.21.2
v1.21.20
v1.21.21
v1.21.22
v1.21.23
v1.21.24
v1.21.25
v1.21.26
v1.21.27
v1.21.28
v1.21.29
v1.21.3
v1.21.30
v1.21.31
v1.21.32
v1.21.33
v1.21.34
v1.21.35
v1.21.36
v1.21.37
v1.21.38
v1.21.4
v1.21.40
v1.21.41
v1.21.42
v1.21.43
v1.21.44
v1.21.45
v1.21.46
v1.21.47
v1.21.48
v1.21.49
v1.21.5
v1.21.50
v1.21.51
v1.21.52
v1.21.53
v1.21.54
v1.21.55
v1.21.56
v1.21.57
v1.21.58
v1.21.59
v1.21.6
v1.21.60
v1.21.61
v1.21.62
v1.21.63
v1.21.64
v1.21.65
v1.21.66
v1.21.67
v1.21.68
v1.21.69
v1.21.7
v1.21.8
v1.21.9
v1.23.1
v1.23.11
v1.23.12
v1.23.13
v1.23.14
v1.23.15
v1.23.17
v1.23.18
v1.23.19
v1.23.2
v1.23.20
v1.23.21
v1.23.22
v1.23.23
v1.23.24
v1.23.25
v1.23.26
v1.23.27
v1.23.28
v1.23.29
v1.23.3
v1.23.30
v1.23.31
v1.23.32
v1.23.33
v1.23.34
v1.23.35
v1.23.36
v1.23.37
v1.23.38
v1.23.39
v1.23.4
v1.23.40
v1.23.41
v1.23.42
v1.23.43
v1.23.44
v1.23.45
v1.23.46
v1.23.47
v1.23.48
v1.23.49
v1.23.5
v1.23.50
v1.23.51
v1.23.52
v1.23.53
v1.23.54
v1.23.55
v1.23.56
v1.23.57
v1.23.58
v1.23.59
v1.23.6
v1.23.60
v1.23.61
v1.23.62
v1.23.63
v1.23.64
v1.23.65
v1.23.66
v1.23.67
v1.23.68
v1.23.69
v1.23.7
v1.23.70
v1.23.71
v1.23.72
v1.23.73
v1.23.74
v1.23.75
v1.23.76
v1.23.77
v1.23.78
v1.23.8
v1.23.9
v1.24.0-RC3
v1.24.1
Database specific
vanir_signatures_modified
"2026-04-12T09:49:31Z"
vanir_signatures
[
{
"id": "CVE-2024-28109-048244ac",
"target": {
"file": "core/src/main/java/org/verapdf/report/XsltTransformer.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"314024327165131025719359155641703627087",
"153485509858851554164757819449810500174",
"99671310537622811683114623434531180964",
"278856627166843397374098825868273035592",
"94024315187233117371038954304987097606",
"210061705809035425765263114453671632579",
"68401101661147721262409273196762375016",
"212316229998943900538346054529279408659",
"238550609166701848284992526505467900221",
"222855551540734671196943360343421868759"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/verapdf/verapdf-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb",
"signature_version": "v1"
},
{
"id": "CVE-2024-28109-1901f1a9",
"target": {
"file": "core/src/main/java/org/verapdf/policy/PolicyChecker.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"268683998414629180723732748748622305513",
"119591689990737683571003116572876667123",
"187676800969564451594197965115920989569",
"35300549163924853715016977494395208438",
"62996282052143551778693146473336732067",
"171117875149592780770013649849266522941",
"291129686413221401557573584285810766465",
"51294317410852440387739527248317925622",
"331572443359837211208562569655502027979",
"278633796295322599799435761756724422205",
"280475483913205191445270189836404478495",
"19143992816076042554783378395417813080",
"71556732225210992123856106987236315976",
"47926749257026320571128998380282564336",
"63322495910519561176566198227185058374",
"173311566811786119005563662949687445652",
"327405362290801411389378411944726164845",
"150037681874916755940498665587320824001",
"71619496410149669050877827210052272397",
"248599257197480896120833193527092472669",
"261200544252286114637012428144588156977"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/verapdf/verapdf-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f",
"signature_version": "v1"
},
{
"id": "CVE-2024-28109-3680c86f",
"target": {
"file": "core/src/main/java/org/verapdf/policy/SchematronPipeline.java",
"function": "getTransformerFactory"
},
"deprecated": false,
"digest": {
"function_hash": "77615674395939447696874967233975857252",
"length": 108.0
},
"signature_type": "Function",
"source": "https://github.com/verapdf/verapdf-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb",
"signature_version": "v1"
},
{
"id": "CVE-2024-28109-4c544204",
"target": {
"file": "core/src/main/java/org/verapdf/report/XsltTransformer.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"150317643317009352837117710604998262747",
"214179411249400868788326571793686841881",
"160984633692644176330551112412516940355",
"26278904556754478588255982403436883831",
"51294317410852440387739527248317925622",
"331572443359837211208562569655502027979",
"263445317352147022175209384741336631021",
"241848016587936372745676223628315048679",
"300729532900850626314738368004229010849",
"117424439969381308488465584479579394093",
"191206354664775270332048757424204602670",
"55768189952811248206539825698066730744",
"165860902596739093650826672912782776156",
"135630607161910714903073014893185802371"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/verapdf/verapdf-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f",
"signature_version": "v1"
},
{
"id": "CVE-2024-28109-68d8a46e",
"target": {
"file": "core/src/main/java/org/verapdf/policy/PolicyChecker.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"224328017688963579429047543276332622691",
"253495606006731938297965456417576031596",
"208107536836371313768515420362726076099",
"240578709705639387227594024464916772965",
"94024315187233117371038954304987097606",
"225769169320645258892164601130407247295",
"64794483530284407491848938715549914885",
"272800470640206410122280763977004664587",
"156932971524137884292793579576906935401",
"107189704998523357392636661063618605730",
"119601254455757965076760477389806806194",
"138166216149321281900164122458489691970",
"11943939343719906000813310495673874763",
"35300549163924853715016977494395208438",
"248599257197480896120833193527092472669",
"261200544252286114637012428144588156977"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/verapdf/verapdf-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe",
"signature_version": "v1"
},
{
"id": "CVE-2024-28109-6ad6318e",
"target": {
"file": "core/src/main/java/org/verapdf/policy/SchematronPipeline.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"11739690271018724119678102136666513982",
"201483171779504168798728696500956372650",
"283179104122216186589824824090771591881",
"51294317410852440387739527248317925622",
"331572443359837211208562569655502027979",
"278633796295322599799435761756724422205",
"280475483913205191445270189836404478495",
"19143992816076042554783378395417813080",
"108589293031235403974938081119048647762",
"262339945258243056238408127486317543030",
"29916690645094876781074380477457350424",
"218387017017241573863496324558489609758",
"315380829231234721679759831500944156725",
"300508137327936713773502709470718543695",
"107575698714835447749587793724562227032"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/verapdf/verapdf-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f",
"signature_version": "v1"
},
{
"id": "CVE-2024-28109-76bb3aac",
"target": {
"file": "core/src/main/java/org/verapdf/policy/SchematronPipeline.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"258197942930372520807232347724110843674",
"321517328457344202773345465738423935872",
"55691878878564924380722908300775341661",
"128811363057000024621762920757818299371",
"104857820877417341818050995754102403058",
"8321216550991638146802355065206854513",
"219084297865345889781102667887985017606",
"160141410629888383393745805002316015544",
"63386078023871736704282743553485838731",
"4654243613873196762169853584461005995",
"243272454754186338166362573584960041911",
"321699211789779336595589911859547959141",
"276631690930558555844825754640543527160"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/verapdf/verapdf-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb",
"signature_version": "v1"
},
{
"id": "CVE-2024-28109-858db0b5",
"target": {
"file": "core/src/main/java/org/verapdf/report/XsltTransformer.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"314024327165131025719359155641703627087",
"153485509858851554164757819449810500174",
"99671310537622811683114623434531180964",
"278856627166843397374098825868273035592",
"94024315187233117371038954304987097606",
"68401101661147721262409273196762375016",
"212316229998943900538346054529279408659",
"238550609166701848284992526505467900221",
"222855551540734671196943360343421868759",
"165860902596739093650826672912782776156",
"135630607161910714903073014893185802371"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/verapdf/verapdf-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe",
"signature_version": "v1"
},
{
"id": "CVE-2024-28109-939a9246",
"target": {
"file": "core/src/main/java/org/verapdf/policy/SchematronPipeline.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"258197942930372520807232347724110843674",
"321517328457344202773345465738423935872",
"55691878878564924380722908300775341661",
"128811363057000024621762920757818299371",
"104857820877417341818050995754102403058",
"8321216550991638146802355065206854513",
"4654243613873196762169853584461005995",
"243272454754186338166362573584960041911",
"321699211789779336595589911859547959141",
"276631690930558555844825754640543527160"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/verapdf/verapdf-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe",
"signature_version": "v1"
},
{
"id": "CVE-2024-28109-b5ed2f8b",
"target": {
"file": "core/src/main/java/org/verapdf/policy/SchematronPipeline.java",
"function": "getTransformerFactory"
},
"deprecated": false,
"digest": {
"function_hash": "55445795179364619816085416989741324585",
"length": 313.0
},
"signature_type": "Function",
"source": "https://github.com/verapdf/verapdf-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f",
"signature_version": "v1"
},
{
"id": "CVE-2024-28109-dc4351d9",
"target": {
"file": "core/src/main/java/org/verapdf/policy/SchematronPipeline.java",
"function": "getTransformerFactory"
},
"deprecated": false,
"digest": {
"function_hash": "77615674395939447696874967233975857252",
"length": 108.0
},
"signature_type": "Function",
"source": "https://github.com/verapdf/verapdf-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe",
"signature_version": "v1"
},
{
"id": "CVE-2024-28109-e29c38e8",
"target": {
"file": "core/src/main/java/org/verapdf/policy/PolicyChecker.java",
"function": "insertPolicyReport"
},
"deprecated": false,
"digest": {
"function_hash": "41089638787531240438109833714202719064",
"length": 383.0
},
"signature_type": "Function",
"source": "https://github.com/verapdf/verapdf-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f",
"signature_version": "v1"
},
{
"id": "CVE-2024-28109-f8b00b77",
"target": {
"file": "core/src/main/java/org/verapdf/policy/PolicyChecker.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"224328017688963579429047543276332622691",
"253495606006731938297965456417576031596",
"208107536836371313768515420362726076099",
"240578709705639387227594024464916772965",
"94024315187233117371038954304987097606",
"225769169320645258892164601130407247295",
"64794483530284407491848938715549914885",
"272800470640206410122280763977004664587",
"156932971524137884292793579576906935401",
"107189704998523357392636661063618605730",
"119601254455757965076760477389806806194",
"138166216149321281900164122458489691970",
"11943939343719906000813310495673874763",
"236982991262185234966901048780122358035",
"52345285324363004965078444182254192372",
"246295016927105974677660352155156870845"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/verapdf/verapdf-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28109.json"