https://app.diagrams.net/embed2.js?&fetch= is used to fetch data and i tried to perform ssrf by extracting google cloud metadata but was unable to do but i am still able to fetch server files like /etc/passwd.
1. Visit https://app.diagrams.net/embed2.js?&fetch=
2. Enter file:///etc/passwd in fetch parameter and see the content of /etc/passwd is fetched in url encoded format.
3. Decode the url data and you can see the contents of /etc/passwd where the server is hosted.