Lucene search

@huntrdevCVELIST:CVE-2022-1721

HistoryMay 16, 2022 - 2:31 p.m.

CVE-2022-1721 Path Traversal in WellKnownServlet in jgraph/drawio

2022-05-1614:31:26

CWE-22

@huntrdev

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

49.0%

JSON

Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.

CNA Affected

[
  {
    "product": "jgraph/drawio",
    "vendor": "jgraph",
    "versions": [
      {
        "lessThan": "18.0.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/jgraph/drawio/commit/01ccb271d34258872b859c0fc1d253cc81341917

huntr.dev/bounties/000931cc-6d0e-4a4f-b4d8-4ba46ba0e699

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

49.0%

JSON

Related for CVELIST:CVE-2022-1721