by mrahier96

Abstract Advisory Information

The PDF engine allow loading local or remote content using specific HTML class of tags.

Author: Dominique RIGHETTO

Version affected

Name: PD4ML java library

Versions: 4.0.15fx1

Common Vulnerability Scoring System






Vulnerability Disclosure Timeline

  • 07/12/2022: Vulnerability discovery
  • 08/12/2022: Vulnerability Report to CERT-XLM
  • 09/12/2022: Vulnerability Report to Vendor through form
  • 09/12/2022: Vendor replied, Vulnerability Report sent
  • 09/12/2022: There is nothing to fix from Vendor perspective
  • 16/12/2022: Send e-mail to vendor again to press on them. The vendor recognizes the vulnerability.
  • 20/12/2022: Send e-mail to vendor to set up a technical meeting
  • 23/12/2022: Send e-mail to vendor to set up a technical meeting
  • 06/01/2023: Informed vendor of an update in the advisory
  • 09/01/2023: Meeting held to discuss the technicalities.
  • 09/01/2023: Message sent to the vendor to say that we will start our usual publication process
  • 03/03/2023: Request CVE ID to Mitre
  • 03/03/2023: CVE IDs assigned Use CVE-2023-27565
  • 17/03/2023: Public disclosure by Excellium Services