202 matches found
CVE-2022-1721
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application...
CVE-2022-1784
Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.8...
CVE-2022-1713
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information...
CVE-2022-1722
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses...
CVE-2022-1575
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary remote code execution in the desktop app. - Stored XSS in the web app...
CVE-2022-1711
Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.5...
CVE-2022-2014
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2...
CVE-2023-3974
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2023-3973
Cross-site Scripting XSS - Reflected in GitHub repository jgraph/drawio prior to 21.6.3...
Command injection
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2023-3975 OS Command Injection in jgraph/drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0...
CVE-2023-3975
CVE-2023-3975 affects jgraph/drawio before 21.5.0, with an OS command injection vulnerability. Public descriptions indicate an insecure configuration pathway where crafted library previews and IPC/DS mechanisms enable execution of arbitrary commands on the host. The connected material outlines an...
CVE-2023-3975 OS Command Injection in jgraph/drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0...
CVE-2023-3975 OS Command Injection in jgraph/drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0...
CVE-2023-3974
The CVE-2023-3974 issue affects jgraph/drawio prior to 21.4.0, where saving drafts in the desktop app can trigger an OS command injection due to using spawn with shell: true. The Red Hat/NVD entries describe OS command injection risk with the affected desktop release, and PoCs illustrate commands...
CVE-2023-3974 OS Command Injection in jgraph/drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2023-3974 OS Command Injection in jgraph/drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2023-3974 OS Command Injection in jgraph/drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2023-3973 Cross-site Scripting (XSS) - Reflected in jgraph/drawio
Cross-site Scripting XSS - Reflected in GitHub repository jgraph/drawio prior to 21.6.3...
CVE-2023-3973 Cross-site Scripting (XSS) - Reflected in jgraph/drawio
Cross-site Scripting XSS - Reflected in GitHub repository jgraph/drawio prior to 21.6.3...