202 matches found
CVE-2022-1713
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information...
CVE-2022-1721
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application...
CVE-2022-1722
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses...
Path traversal
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application...
Server-side request forgery (SSRF)
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information...
CVE-2022-1713 SSRF on /proxy in jgraph/drawio
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information...
CVE-2022-1713
CVE-2022-1713 affects jgraph/drawio prior to 18.0.4. The connected Nuclei template confirms a Server-Side Request Forgery (SSRF) at the /proxy endpoint, allowing an attacker to make requests as the server and read contents, enabling potential data leakage. Impact is described as reading internal ...
CVE-2022-1721 Path Traversal in WellKnownServlet in jgraph/drawio
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application...
CVE-2022-1721
CVE-2022-1721 affects the draw.io/jgraph WellKnownServlet. The vulnerability is a path traversal flaw in WellKnownServlet that can read local files of the web application, affecting versions prior to 18.0.5. The issue arises from serving requested resources via the servlet, enabling disclosure of...
CVE-2022-1722 SSRF in editor's proxy via IPv6 link-local address in jgraph/drawio
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses...
CVE-2022-1722
CVE-2022-1722 describes an SSRF issue in the editor’s proxy of JGraph Draw.io (jgraph/drawio) prior to version 18.0.5. The vulnerability arises from failing to filter IPv6 link-local addresses, allowing SSRF requests to internal link-local IPv6 addresses (fe80::/10). Affected component is the edi...
PT-2022-14065 · Jgraph · Jgraph/Drawio
Name of the Vulnerable Software and Affected Versions: jgraph/drawio versions prior to 18.0.4. Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability on the /proxy endpoint in the jgraph/drawio GitHub repository. This allows an attacker to make a request as the serve...
JGraph draw.io Code Issue Vulnerability
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 18.0.5 that stems from a server-side request forgery vulnerability in IPv6 link-local addresses...
JGraph draw.io Code Issue Vulnerability
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 18.0.4. An attacker could exploit the vulnerability to make a request through the server and read its contents, which could lead to the...
JGraph draw.io Path Traversal Vulnerability
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io prior to version 18.0.5, which stems from a path traversal vulnerability in WellKnownServlet. An attacker could use this vulnerability to read local files of ...
CVE-2022-1575
CVE-2022-1575 affects JGraph Draw.io (jgraph/drawio) including the desktop and web apps, due to a sanitizer bypass in the core library. The underlying issue is a mutation XSS in the sanitizer (Graph.sanitizeHtml), enabling arbitrary code execution in the desktop app and stored XSS in the web app....