Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1721 | 1 Diagrams | 1 Draw.io | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application. | |||||
| CVE-2022-1722 | 1 Diagrams | 1 Draw.io | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses | |||||
| CVE-2022-1767 | 1 Diagrams | 1 Draw.io | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
| CVE-2022-1713 | 1 Diagrams | 1 Draw.io | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. | |||||
| CVE-2022-1774 | 1 Diagrams | 1 Draw.io | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
| CVE-2022-1727 | 1 Diagrams | 1 Draw.io | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. | |||||