Lucene search

[email protected]NVD:CVE-2022-1575

HistoryMay 05, 2022 - 12:15 p.m.

CVE-2022-1575

2022-05-0512:15:07

CWE-94

CWE-79

[email protected]

web.nvd.nist.gov

arbitrary code execution

sanitizer bypass

github repository

drawio

stored xss

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

57.5%

JSON

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.

Affected configurations

Nvd

Node

diagramsdrawioRange<18.0.0

References

github.com/jgraph/drawio/commit/f768ed73875d5eca20110b9c1d72f2789cd1bab7

huntr.dev/bounties/033d3423-eb05-4b53-a747-1bfcba873127

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

57.5%

JSON

Related for NVD:CVE-2022-1575

prion1 osv1 huntr1 cvelist1 cve1