Security Apache PDFBox 1.8.11 / 2.0.0 / XML Injection May 27, 2016 007admin Leave a comment Apache PDFBox versions 1.8.0 through 1.8.11 and 2.0.0 suffer from an XML external entity injection vulnerability.