Insufficient Signature Validation
Affecting com.itextpdf:sign artifact, versions [,7.1.5)
com.itextpdf:sign is a itext7 sign package, used as part of the itext7 PDF parsing library.
Affected versions of this package are vulnerable to Insufficient Signature Validation.
It is possible to bypass the signature checker feature within
itext7 due to insufficient validation of the whole PDF document.
com.itextpdf:sign to version 7.1.5 or higher.
- Snyk ID
- 14 Dec, 2018
- 09 Jan, 2020