Show filters
26 Total Results
Displaying 21-26 of 26
Sort by:
Attacker Value
Unknown
CVE-2022-1711
Disclosure Date: May 17, 2022 (last updated February 23, 2025)
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
0
Attacker Value
Unknown
CVE-2022-1723
Disclosure Date: May 17, 2022 (last updated February 23, 2025)
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
0
Attacker Value
Unknown
CVE-2022-1722
Disclosure Date: May 16, 2022 (last updated February 23, 2025)
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses
0
Attacker Value
Unknown
CVE-2022-1721
Disclosure Date: May 16, 2022 (last updated February 23, 2025)
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
0
Attacker Value
Unknown
CVE-2022-1713
Disclosure Date: May 16, 2022 (last updated February 23, 2025)
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
0
Attacker Value
Unknown
CVE-2022-1575
Disclosure Date: May 05, 2022 (last updated February 23, 2025)
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.
0
