CVE-2022-1713

SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.

CVE-2022-1575

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.

CVE-2022-1711

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.

CVE-2022-1767

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.

CVE-2022-1774

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.

CVE-2022-1730

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4.

CVE-2022-1722

SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses

CVE-2022-1723

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.

CVE-2022-1727

Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.

CVE-2022-1784

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.

CVE-2022-1815

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.

CVE-2022-1721

Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.