CVE-2022-1379 URL Restriction Bypass in plantuml/plantuml

🗓️ 14 May 2022 09:55:09Reported by GoogleType

osv🔗 osv.dev👁 24 Views

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers

Reporter	Title	Published	Views	Family All 21
Huntr	URL Restriction Bypass	10 Apr 202214:30	–	huntr
ATTACKERKB	CVE-2022-1379	14 May 202210:15	–	attackerkb
Circl	CVE-2022-1379	14 May 202214:33	–	circl
CNNVD	PlantUML 代码问题漏洞	14 May 202200:00	–	cnnvd
CVE	CVE-2022-1379	14 May 202209:55	–	cve
Cvelist	CVE-2022-1379 URL Restriction Bypass in plantuml/plantuml	14 May 202209:55	–	cvelist
Debian CVE	CVE-2022-1379	14 May 202209:55	–	debiancve
EUVD	EUVD-2022-24699	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 36 Update: plantuml-1.2022.5-1.fc36	25 May 202201:05	–	fedora
Fedora	[SECURITY] Fedora 35 Update: plantuml-1.2022.5-1.fc35	25 May 202201:24	–	fedora

Source	Link
huntr	www.huntr.dev/bounties/0d737527-86e1-41d1-9d37-b2de36bc063a
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1379.json
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHUE4G5CAJUD7L2QPJF6U4JYQTP7CNNL/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4DP36G2VBOZUNQIUZ5LVJKZIVO4SDAI/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-1379
github	www.github.com/plantuml/plantuml/commit/93e5964e5f35914f3f7b89de620c596795550083

11 Apr 2026 22:13Current

7.3High risk

Vulners AI Score7.3

CVSS 37.2

EPSS0.01514