3 matches found
CVE-2022-1784 Server-Side Request Forgery (SSRF) in jgraph/drawio
Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.8...
CVE-2022-1784 Server-Side Request Forgery (SSRF) in jgraph/drawio
Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.8...
CVE-2022-1784
CVE-2022-1784 affects jgraph/drawio prior to 18.0.8 with a Server-Side Request Forgery (SSRF). The connected Huntr entry details an SSRF vector in EmbedServlet2.java where redirects are followed by default via url.openConnection(), and the redirections are not validated, enabling an attacker to r...