VYPR
Critical severity9.8OSV Advisory· Published Apr 17, 2019· Updated Jun 17, 2026

CVE-2019-0228

CVE-2019-0228

Description

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.pdfbox:pdfboxMaven
>= 2.0.14, < 2.0.152.0.15

Affected products

2

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.