5 matches found
CVE-2023-3974
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2023-3974 OS Command Injection in jgraph/drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2023-3974 OS Command Injection in jgraph/drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2023-3974 OS Command Injection in jgraph/drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2023-3974
The CVE-2023-3974 issue affects jgraph/drawio prior to 21.4.0, where saving drafts in the desktop app can trigger an OS command injection due to using spawn with shell: true. The Red Hat/NVD entries describe OS command injection risk with the affected desktop release, and PoCs illustrate commands...