Vulnerabilities (CVE)

Filtered by vendor Diagrams Subscribe

Filtered by product Draw.io

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-1727	1 Diagrams	1 Draw.io	2022-05-26	6.8 MEDIUM	8.8 HIGH
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.
CVE-2022-1767	1 Diagrams	1 Draw.io	2022-05-26	5.0 MEDIUM	7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.
CVE-2022-1721	1 Diagrams	1 Draw.io	2022-05-25	5.0 MEDIUM	7.5 HIGH
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
CVE-2022-1713	1 Diagrams	1 Draw.io	2022-05-25	5.0 MEDIUM	7.5 HIGH
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.