Filtered by vendor Diagrams
Subscriptions
Filtered by product Drawio
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1723 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. | ||||
| CVE-2022-1722 | 1 Diagrams | 1 Drawio | 2024-11-21 | 3.3 Low |
| SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses | ||||
| CVE-2022-1721 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application. | ||||
| CVE-2022-1713 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. | ||||
| CVE-2022-1711 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5. | ||||
| CVE-2022-1575 | 1 Diagrams | 1 Drawio | 2024-11-21 | 9.6 Critical |
| Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app. | ||||