Lucene search
@huntrdevCVELIST:CVE-2022-2014HistoryJun 08, 2022 - 7:25 a.m.
CVE-2022-2014 Code Injection in jgraph/drawio
2022-06-0807:25:11
CWE-94
@huntrdev
www.cve.org
5
code injection
drawio
github repository
cve-2022-2014
CVSS3
9.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
EPSS
0.001
Percentile
29.0%
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.
CNA Affected
[
{
"product": "jgraph/drawio",
"vendor": "jgraph",
"versions": [
{
"lessThan": "19.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-2014
2022-06-09 17:15:09
nvd
nvd
CVE-2022-2014
2022-06-09 17:15:09
osv
osv
CVE-2022-2014
2022-06-09 17:15:09
prion
prion
Code injection
2022-06-09 17:15:00
huntr
huntr
Client-Side RCE and Stored XSS via Unsafe Deserialization of Diagrams
2022-06-06 21:04:35
CVSS3
9.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
EPSS
0.001
Percentile
29.0%
Related for CVELIST:CVE-2022-2014