CVE-2024-28109

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-28109
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-28109.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-28109
Aliases
Published
2024-03-28T13:19:39Z
Modified
2025-10-30T20:25:24.796104Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Potential XSLT injection vulnerability when using policy files
Details

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.

Database specific 
{
    "cwe_ids": [
        "CWE-91"
    ]
}
References

Affected packages

Git / github.com/verapdf/verapdf-library

Affected ranges

Type
GIT
Repo
https://github.com/verapdf/verapdf-library
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe

Affected versions

Other

b
b191
b192
b193
b194
b195
b196
b197
b198
b199
b200
b201
b203
b204
b205
b206
b208
b209
b210
b211
b212
b213
b214
b215
b216
b217
b218
b219
b220
b221
b222
b223
b225
b226
b227
b228
b229
b230
b35
b36
b37
b38
b39
b40
d

d0.*

d0.11.101
d0.11.102
d0.11.103
d0.11.104
d0.11.105
d0.11.106
d0.11.107
d0.11.108
d0.11.109
d0.11.110
d0.11.111
d0.11.112
d0.11.113
d0.11.114
d0.11.115
d0.11.116
d0.11.117
d0.11.118
d0.11.119
d0.11.120
d0.11.121
d0.11.122
d0.11.123
d0.11.124
d0.11.125
d0.11.126
d0.11.127
d0.11.128
d0.11.129
d0.11.130
d0.11.131
d0.11.132
d0.11.133
d0.11.134
d0.11.135
d0.11.136
d0.11.137
d0.13.1
d0.13.10
d0.13.11
d0.13.12
d0.13.2
d0.13.3
d0.13.4
d0.13.5
d0.13.6
d0.13.7
d0.13.8
d0.13.9
d0.15.1
d0.15.10
d0.15.11
d0.15.12
d0.15.13
d0.15.14
d0.15.15
d0.15.16
d0.15.17
d0.15.2
d0.15.3
d0.15.4
d0.15.5
d0.15.6
d0.15.7
d0.15.8
d0.15.9
d0.17.1
d0.17.10
d0.17.11
d0.17.12
d0.17.13
d0.17.14
d0.17.15
d0.17.16
d0.17.17
d0.17.18
d0.17.19
d0.17.2
d0.17.20
d0.17.21
d0.17.3
d0.17.4
d0.17.5
d0.17.6
d0.17.7
d0.17.8
d0.17.9
d0.19.1
d0.19.2
d0.19.5
d0.19.6
d0.21.1
d0.21.2
d0.21.3
d0.21.4
d0.23.1
d0.23.2
d0.23.3
d0.23.4
d0.23.5
d0.23.6
d0.23.7
d0.25-REFACT-10
d0.25-REFACT-12
d0.25-REFACT-13
d0.25-REFACT-14
d0.25-REFACT-4
d0.25-REFACT-5
d0.25-REFACT-6
d0.25-REFACT-7
d0.25-REFACT-8
d0.25-REFACT-9
d0.25.1
d0.25.1-REFACT
d0.25.10
d0.25.11
d0.25.12
d0.25.13
d0.25.14
d0.25.15
d0.25.16
d0.25.17
d0.25.18
d0.25.19
d0.25.2
d0.25.2-REFACT
d0.25.20
d0.25.3
d0.25.4
d0.25.5
d0.25.6
d0.25.7
d0.25.8
d0.25.9
d0.27.1
d0.27.10
d0.27.11
d0.27.12
d0.27.13
d0.27.14
d0.27.15
d0.27.16
d0.27.17
d0.27.18
d0.27.19
d0.27.2
d0.27.20
d0.27.21
d0.27.22
d0.27.23
d0.27.24
d0.27.25
d0.27.3
d0.27.4
d0.27.5
d0.27.6
d0.27.7
d0.27.8
d0.27.9
d0.29.1
d0.29.3
d0.29.4
d0.29.5
d0.3.0
d0.3.10
d0.3.100
d0.3.101
d0.3.102
d0.3.103
d0.3.104
d0.3.105
d0.3.106
d0.3.107
d0.3.108
d0.3.109
d0.3.11
d0.3.110
d0.3.111
d0.3.112
d0.3.113
d0.3.114
d0.3.115
d0.3.116
d0.3.117
d0.3.118
d0.3.119
d0.3.12
d0.3.120
d0.3.121
d0.3.122
d0.3.123
d0.3.124
d0.3.125
d0.3.126
d0.3.127
d0.3.129
d0.3.13
d0.3.130
d0.3.131
d0.3.14
d0.3.15
d0.3.158
d0.3.159
d0.3.16
d0.3.160
d0.3.161
d0.3.162
d0.3.163
d0.3.164
d0.3.165
d0.3.166
d0.3.167
d0.3.168
d0.3.169
d0.3.17
d0.3.170
d0.3.171
d0.3.172
d0.3.173
d0.3.174
d0.3.175
d0.3.176
d0.3.177
d0.3.19
d0.3.2
d0.3.23
d0.3.24
d0.3.25
d0.3.26
d0.3.27
d0.3.3
d0.3.30
d0.3.31
d0.3.32
d0.3.33
d0.3.34
d0.3.35
d0.3.36
d0.3.37
d0.3.4
d0.3.40
d0.3.41
d0.3.42
d0.3.43
d0.3.44
d0.3.45
d0.3.46
d0.3.47
d0.3.48
d0.3.49
d0.3.5
d0.3.53
d0.3.57
d0.3.58
d0.3.59
d0.3.6
d0.3.60
d0.3.61
d0.3.62
d0.3.63
d0.3.64
d0.3.65
d0.3.66
d0.3.67
d0.3.68
d0.3.69
d0.3.7
d0.3.70
d0.3.71
d0.3.72
d0.3.73
d0.3.74
d0.3.75
d0.3.76
d0.3.77
d0.3.78
d0.3.79
d0.3.8
d0.3.80
d0.3.81
d0.3.82
d0.3.83
d0.3.84
d0.3.85
d0.3.86
d0.3.87
d0.3.88
d0.3.89
d0.3.9
d0.3.90
d0.3.91
d0.3.92
d0.3.93
d0.3.94
d0.3.95
d0.3.96
d0.3.97
d0.3.98
d0.3.99
d0.5.10
d0.5.11
d0.5.12
d0.5.13
d0.5.14
d0.5.15
d0.5.16
d0.5.17
d0.5.18
d0.5.19
d0.5.2
d0.5.20
d0.5.21
d0.5.22
d0.5.23
d0.5.24
d0.5.25
d0.5.26
d0.5.27
d0.5.28
d0.5.29
d0.5.3
d0.5.30
d0.5.31
d0.5.32
d0.5.33
d0.5.34
d0.5.35
d0.5.36
d0.5.37
d0.5.38
d0.5.39
d0.5.4
d0.5.40
d0.5.41
d0.5.42
d0.5.43
d0.5.44
d0.5.45
d0.5.46
d0.5.47
d0.5.49
d0.5.5
d0.5.50
d0.5.51
d0.5.52
d0.5.53
d0.5.54
d0.5.55
d0.5.56
d0.5.57
d0.5.58
d0.5.59
d0.5.6
d0.5.60
d0.5.61
d0.5.62
d0.5.63
d0.5.64
d0.5.65
d0.5.66
d0.5.67
d0.5.68
d0.5.69
d0.5.7
d0.5.70
d0.5.8
d0.5.9
d0.7.1
d0.7.10
d0.7.11
d0.7.12
d0.7.13
d0.7.14
d0.7.15
d0.7.16
d0.7.17
d0.7.18
d0.7.19
d0.7.2
d0.7.20
d0.7.21
d0.7.22
d0.7.23
d0.7.24
d0.7.25
d0.7.26
d0.7.27
d0.7.28
d0.7.29
d0.7.3
d0.7.30
d0.7.31
d0.7.32
d0.7.33
d0.7.34
d0.7.35
d0.7.36
d0.7.37
d0.7.38
d0.7.39
d0.7.4
d0.7.40
d0.7.41
d0.7.42
d0.7.43
d0.7.44
d0.7.45
d0.7.46
d0.7.47
d0.7.48
d0.7.49
d0.7.5
d0.7.50
d0.7.51
d0.7.52
d0.7.6
d0.7.7
d0.7.8
d0.7.9
d0.9.10
d0.9.11
d0.9.12
d0.9.13
d0.9.14
d0.9.15
d0.9.16
d0.9.17
d0.9.18
d0.9.2
d0.9.26
d0.9.27
d0.9.28
d0.9.29
d0.9.3
d0.9.30
d0.9.31
d0.9.32
d0.9.33
d0.9.34
d0.9.35
d0.9.36
d0.9.37
d0.9.38
d0.9.39
d0.9.4
d0.9.5
d0.9.6
d0.9.7
d0.9.9

d1.*

d1.1.1
d1.1.2
d1.1.3
d1.1.4
d1.1.5
d1.1.6
d1.1.7
d1.1.8
d1.1.9
d1.11.1
d1.11.2
d1.11.3
d1.11.4
d1.11.5
d1.11.6
d1.11.7
d1.11.8
d1.13.1
d1.13.10
d1.13.2
d1.13.3
d1.13.4
d1.13.5
d1.13.6
d1.13.7
d1.13.8
d1.13.9
d1.3.0
d1.3.10
d1.3.11
d1.3.12
d1.3.13
d1.3.14
d1.3.15
d1.3.16
d1.3.17
d1.3.18
d1.3.19
d1.3.2
d1.3.20
d1.3.21
d1.3.22
d1.3.23
d1.3.24
d1.3.3
d1.3.4
d1.3.5
d1.3.6
d1.3.7
d1.3.8
d1.3.9
d1.5.1
d1.5.10
d1.5.11
d1.5.12
d1.5.13
d1.5.14
d1.5.15
d1.5.16
d1.5.17
d1.5.2
d1.5.3
d1.5.4
d1.5.5
d1.5.6
d1.5.7
d1.5.8
d1.5.9
d1.7.1
d1.7.10
d1.7.11
d1.7.12
d1.7.13
d1.7.14
d1.7.15
d1.7.16
d1.7.17
d1.7.18
d1.7.19
d1.7.2
d1.7.20
d1.7.21
d1.7.22
d1.7.23
d1.7.24
d1.7.25
d1.7.26
d1.7.27
d1.7.28
d1.7.29
d1.7.3
d1.7.30
d1.7.31
d1.7.32
d1.7.33
d1.7.34
d1.7.35
d1.7.36
d1.7.37
d1.7.4
d1.7.5
d1.7.6
d1.7.7
d1.7.8
d1.7.9
d1.9.1
d1.9.10
d1.9.11
d1.9.12
d1.9.13
d1.9.14
d1.9.2
d1.9.3
d1.9.4
d1.9.5
d1.9.6
d1.9.7
d1.9.8
d1.9.9

jenkins-veraPDF-library-0.*

jenkins-veraPDF-library-0.10-1
jenkins-veraPDF-library-0.10-2
jenkins-veraPDF-library-0.10-3
jenkins-veraPDF-library-0.10-4
jenkins-veraPDF-library-0.10-5
jenkins-veraPDF-library-0.10-6
jenkins-veraPDF-library-0.10-7
jenkins-veraPDF-library-0.11-1
jenkins-veraPDF-library-0.11-100
jenkins-veraPDF-library-0.11-101
jenkins-veraPDF-library-0.11-102
jenkins-veraPDF-library-0.11-103
jenkins-veraPDF-library-0.11-104
jenkins-veraPDF-library-0.11-105
jenkins-veraPDF-library-0.11-106
jenkins-veraPDF-library-0.11-107
jenkins-veraPDF-library-0.11-108
jenkins-veraPDF-library-0.11-109
jenkins-veraPDF-library-0.11-110
jenkins-veraPDF-library-0.11-111
jenkins-veraPDF-library-0.11-112
jenkins-veraPDF-library-0.11-113
jenkins-veraPDF-library-0.11-114
jenkins-veraPDF-library-0.11-115
jenkins-veraPDF-library-0.11-116
jenkins-veraPDF-library-0.11-117
jenkins-veraPDF-library-0.11-118
jenkins-veraPDF-library-0.11-119
jenkins-veraPDF-library-0.11-120
jenkins-veraPDF-library-0.11-121
jenkins-veraPDF-library-0.11-122
jenkins-veraPDF-library-0.11-123
jenkins-veraPDF-library-0.11-124
jenkins-veraPDF-library-0.11-125
jenkins-veraPDF-library-0.11-126
jenkins-veraPDF-library-0.11-127
jenkins-veraPDF-library-0.11-128
jenkins-veraPDF-library-0.11-129
jenkins-veraPDF-library-0.11-130
jenkins-veraPDF-library-0.11-131
jenkins-veraPDF-library-0.11-132
jenkins-veraPDF-library-0.11-133
jenkins-veraPDF-library-0.11-134
jenkins-veraPDF-library-0.11-135
jenkins-veraPDF-library-0.11-136
jenkins-veraPDF-library-0.11-137
jenkins-veraPDF-library-0.11-2
jenkins-veraPDF-library-0.11-3
jenkins-veraPDF-library-0.11-4
jenkins-veraPDF-library-0.11-5
jenkins-veraPDF-library-0.11-6
jenkins-veraPDF-library-0.11-7
jenkins-veraPDF-library-0.11-8
jenkins-veraPDF-library-0.12-1
jenkins-veraPDF-library-0.12-2
jenkins-veraPDF-library-0.12-3
jenkins-veraPDF-library-0.12-4
jenkins-veraPDF-library-0.12-6
jenkins-veraPDF-library-0.12-7
jenkins-veraPDF-library-0.13-1
jenkins-veraPDF-library-0.13-10
jenkins-veraPDF-library-0.13-11
jenkins-veraPDF-library-0.13-12
jenkins-veraPDF-library-0.13-2
jenkins-veraPDF-library-0.13-3
jenkins-veraPDF-library-0.13-4
jenkins-veraPDF-library-0.13-5
jenkins-veraPDF-library-0.13-6
jenkins-veraPDF-library-0.13-7
jenkins-veraPDF-library-0.13-8
jenkins-veraPDF-library-0.13-9
jenkins-veraPDF-library-0.15-1
jenkins-veraPDF-library-0.15-2
jenkins-veraPDF-library-0.15-3
jenkins-veraPDF-library-0.15-4
jenkins-veraPDF-library-0.15-5
jenkins-veraPDF-library-0.15-6
jenkins-veraPDF-library-0.15-7

v0.*

v0.10.6
v0.10.7
v0.11.100
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.7
v0.16.1
v0.18.1
v0.2.0
v0.2.8
v0.2.9
v0.20.1
v0.22.1
v0.24.1
v0.24.2
v0.24.3
v0.26.1
v0.26.10
v0.26.11
v0.26.2
v0.26.3
v0.26.4
v0.26.5
v0.26.6
v0.26.7
v0.26.8
v0.26.9
v0.28.1
v0.28.2
v0.4.4
v0.4.5
v0.4.6
v0.6.13
v0.6.14
v0.6.16
v0.6.17
v0.6.18
v0.6.19
v0.6.20
v0.6.21
v0.6.22
v0.6.23
v0.6.24
v0.6.25
v0.6.26
v0.6.27
v0.6.28
v0.6.30
v0.6.31
v0.6.32
v0.6.33
v0.6.34
v0.6.35
v0.6.36
v0.6.37
v0.6.38
v0.6.39
v0.6.40
v0.6.41
v0.6.42
v0.6.43
v0.6.44
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7

v1.*

v1.0.1
v1.0.2
v1.0.6
v1.0.7
v1.10.1
v1.10.2
v1.10.3
v1.12.1
v1.12.3
v1.13.11
v1.14.1
v1.14.1-RC
v1.14.100
v1.14.101
v1.14.102
v1.14.2
v1.14.2-RC
v1.14.3
v1.14.3-RC
v1.14.6-RC
v1.15.10
v1.15.11
v1.15.12
v1.15.13
v1.15.14
v1.15.15
v1.15.17
v1.15.19
v1.15.2
v1.15.20
v1.15.3
v1.15.4
v1.15.7
v1.15.8
v1.15.9
v1.16.0-RC1
v1.16.0-RC2
v1.16.0-RC3
v1.16.0-RC4
v1.16.0-RC5
v1.16.1
v1.17.1
v1.17.10
v1.17.11
v1.17.12
v1.17.13
v1.17.14
v1.17.15
v1.17.16
v1.17.18
v1.17.2
v1.17.20
v1.17.21
v1.17.22
v1.17.23
v1.17.24
v1.17.25
v1.17.26
v1.17.27
v1.17.28
v1.17.29
v1.17.30
v1.17.31
v1.17.32
v1.17.33
v1.17.34
v1.17.4
v1.17.5
v1.17.6
v1.17.7
v1.17.8
v1.17.9
v1.19.1
v1.19.10
v1.19.11
v1.19.12
v1.19.13
v1.19.14
v1.19.15
v1.19.16
v1.19.17
v1.19.18
v1.19.19
v1.19.2
v1.19.20
v1.19.21
v1.19.22
v1.19.23
v1.19.24
v1.19.25
v1.19.26
v1.19.27
v1.19.28
v1.19.29
v1.19.3
v1.19.30
v1.19.31
v1.19.32
v1.19.34
v1.19.35
v1.19.36
v1.19.37
v1.19.38
v1.19.39
v1.19.4
v1.19.40
v1.19.41
v1.19.42
v1.19.43
v1.19.44
v1.19.45
v1.19.46
v1.19.47
v1.19.48
v1.19.49
v1.19.5
v1.19.50
v1.19.51
v1.19.52
v1.19.53
v1.19.54
v1.19.55
v1.19.56
v1.19.57
v1.19.58
v1.19.59
v1.19.6
v1.19.60
v1.19.61
v1.19.62
v1.19.63
v1.19.64
v1.19.65
v1.19.66
v1.19.67
v1.19.8
v1.19.9
v1.2.0
v1.2.1
v1.2.2
v1.21.1
v1.21.10
v1.21.11
v1.21.12
v1.21.13
v1.21.14
v1.21.15
v1.21.16
v1.21.17
v1.21.18
v1.21.19
v1.21.2
v1.21.20
v1.21.21
v1.21.22
v1.21.23
v1.21.24
v1.21.25
v1.21.26
v1.21.27
v1.21.28
v1.21.29
v1.21.3
v1.21.30
v1.21.31
v1.21.32
v1.21.33
v1.21.34
v1.21.35
v1.21.36
v1.21.37
v1.21.38
v1.21.4
v1.21.40
v1.21.41
v1.21.42
v1.21.43
v1.21.44
v1.21.45
v1.21.46
v1.21.47
v1.21.48
v1.21.49
v1.21.5
v1.21.50
v1.21.51
v1.21.52
v1.21.53
v1.21.54
v1.21.55
v1.21.56
v1.21.57
v1.21.58
v1.21.59
v1.21.6
v1.21.60
v1.21.61
v1.21.62
v1.21.63
v1.21.64
v1.21.65
v1.21.66
v1.21.67
v1.21.68
v1.21.69
v1.21.7
v1.21.8
v1.21.9
v1.23.1
v1.23.11
v1.23.12
v1.23.13
v1.23.14
v1.23.15
v1.23.17
v1.23.18
v1.23.19
v1.23.2
v1.23.20
v1.23.21
v1.23.22
v1.23.23
v1.23.24
v1.23.25
v1.23.26
v1.23.27
v1.23.28
v1.23.29
v1.23.3
v1.23.30
v1.23.31
v1.23.32
v1.23.33
v1.23.34
v1.23.35
v1.23.36
v1.23.37
v1.23.38
v1.23.39
v1.23.4
v1.23.40
v1.23.41
v1.23.42
v1.23.43
v1.23.44
v1.23.45
v1.23.46
v1.23.47
v1.23.48
v1.23.49
v1.23.5
v1.23.50
v1.23.51
v1.23.52
v1.23.53
v1.23.54
v1.23.55
v1.23.56
v1.23.57
v1.23.58
v1.23.59
v1.23.6
v1.23.60
v1.23.61
v1.23.62
v1.23.63
v1.23.64
v1.23.65
v1.23.66
v1.23.67
v1.23.68
v1.23.69
v1.23.7
v1.23.70
v1.23.71
v1.23.72
v1.23.73
v1.23.74
v1.23.75
v1.23.76
v1.23.77
v1.23.78
v1.23.8
v1.23.9
v1.24.0-RC3
v1.24.1
v1.4.1
v1.6.1
v1.6.2
v1.8.1

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-28109-68d8a46e",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "core/src/main/java/org/verapdf/policy/PolicyChecker.java"
        },
        "digest": {
            "line_hashes": [
                "224328017688963579429047543276332622691",
                "253495606006731938297965456417576031596",
                "208107536836371313768515420362726076099",
                "240578709705639387227594024464916772965",
                "94024315187233117371038954304987097606",
                "225769169320645258892164601130407247295",
                "64794483530284407491848938715549914885",
                "272800470640206410122280763977004664587",
                "156932971524137884292793579576906935401",
                "107189704998523357392636661063618605730",
                "119601254455757965076760477389806806194",
                "138166216149321281900164122458489691970",
                "11943939343719906000813310495673874763",
                "35300549163924853715016977494395208438",
                "248599257197480896120833193527092472669",
                "261200544252286114637012428144588156977"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/verapdf/verapdf-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe"
    },
    {
        "id": "CVE-2024-28109-858db0b5",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "core/src/main/java/org/verapdf/report/XsltTransformer.java"
        },
        "digest": {
            "line_hashes": [
                "314024327165131025719359155641703627087",
                "153485509858851554164757819449810500174",
                "99671310537622811683114623434531180964",
                "278856627166843397374098825868273035592",
                "94024315187233117371038954304987097606",
                "68401101661147721262409273196762375016",
                "212316229998943900538346054529279408659",
                "238550609166701848284992526505467900221",
                "222855551540734671196943360343421868759",
                "165860902596739093650826672912782776156",
                "135630607161910714903073014893185802371"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/verapdf/verapdf-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe"
    },
    {
        "id": "CVE-2024-28109-939a9246",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "core/src/main/java/org/verapdf/policy/SchematronPipeline.java"
        },
        "digest": {
            "line_hashes": [
                "258197942930372520807232347724110843674",
                "321517328457344202773345465738423935872",
                "55691878878564924380722908300775341661",
                "128811363057000024621762920757818299371",
                "104857820877417341818050995754102403058",
                "8321216550991638146802355065206854513",
                "4654243613873196762169853584461005995",
                "243272454754186338166362573584960041911",
                "321699211789779336595589911859547959141",
                "276631690930558555844825754640543527160"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/verapdf/verapdf-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe"
    },
    {
        "id": "CVE-2024-28109-dc4351d9",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "core/src/main/java/org/verapdf/policy/SchematronPipeline.java",
            "function": "getTransformerFactory"
        },
        "digest": {
            "function_hash": "77615674395939447696874967233975857252",
            "length": 108.0
        },
        "source": "https://github.com/verapdf/verapdf-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe"
    }
]