Drawio

drawio

Vendor: Diagrams • 26 CVEs

CVEs (26)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-1711 1Diagrams 1Drawio Nov 21, 2024 May 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
CVE-2022-1723 1Diagrams 1Drawio Nov 21, 2024 May 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
CVE-2022-1722 1Diagrams 1Drawio Nov 21, 2024 May 16, 2022 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses
CVE-2022-1721 1Diagrams 1Drawio Nov 21, 2024 May 16, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
CVE-2022-1713 1Diagrams 1Drawio Nov 21, 2024 May 16, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
CVE-2022-1575 1Diagrams 1Drawio Nov 21, 2024 May 5, 2022 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.