2 matches found
draw.io < 18.0.5 - Server Side Request Forgery (SSRF)
Server-Side Request Forgery SSRF vulnerability in draw.io also known as diagrams.net prior to version 18.0.5 allows attackers to bypass URL validation restrictions in the ProxyServlet component. The vulnerability exists because the application does not properly validate URLs passed to its proxy...
The vulnerability of the url.openConnection() method in Embed2 software, a service for creating drawio diagrams, allows a attacker to perform an SSRF attack.
The vulnerability of the url.openConnection method in Embed2 software, which is used for creating drawio diagrams, is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack by sending a specially crafted HTTP...