Abstract Advisory Information
The PDF engine allow loading local or remote content using specific HTML class of tags.
Author: Dominique RIGHETTO
Name: PD4ML java library
Common Vulnerability Scoring System
Vulnerability Disclosure Timeline
- 07/12/2022: Vulnerability discovery
- 08/12/2022: Vulnerability Report to CERT-XLM
- 09/12/2022: Vulnerability Report to Vendor through form
- 09/12/2022: Vendor replied, Vulnerability Report sent
- 09/12/2022: There is nothing to fix from Vendor perspective
- 16/12/2022: Send e-mail to vendor again to press on them. The vendor recognizes the vulnerability.
- 20/12/2022: Send e-mail to vendor to set up a technical meeting
- 23/12/2022: Send e-mail to vendor to set up a technical meeting
- 06/01/2023: Informed vendor of an update in the advisory
- 09/01/2023: Meeting held to discuss the technicalities.
- 09/01/2023: Message sent to the vendor to say that we will start our usual publication process
- 03/03/2023: Request CVE ID to Mitre
- 03/03/2023: CVE IDs assigned Use CVE-2023-27565
- 17/03/2023: Public disclosure by Excellium Services