7 matches found
CVE-2022-1721
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application...
Path traversal
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application...
CVE-2022-1721 Path Traversal in WellKnownServlet in jgraph/drawio
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application...
CVE-2022-1721 Path Traversal in WellKnownServlet in jgraph/drawio
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application...
PT-2022-14072 · Drawio · Drawio
Name of the Vulnerable Software and Affected Versions: drawio versions prior to 18.0.5 Description: The issue allows for path traversal in the WellKnownServlet, enabling the reading of local files of the web application. This can potentially lead to sensitive information disclosure...
JGraph draw.io 路径遍历漏洞
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io prior to version 18.0.5, which stems from a path traversal vulnerability in WellKnownServlet. An attacker could use this vulnerability to read local files of ...
Path Traversal in WellKnownServlet
Description The WellKnownServlet is vulnerable to path traversal. This allows reading local files. For example the files in WEB-INF that contain secrets and API keys can be read. https://github.com/jgraph/drawio/blob/v18.0.4/src/main/java/com/mxgraph/online/WellKnownServlet.javaL40-L66 java Strin...