CVE-2022-1723
Published: 2022-05-17
CVE-2022-1723: Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
Priority: P3, 41, high; CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.64% (73.4th percentile)
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| diagrams | drawio | < 18.0.6 | 18.0.6 |
| jgraph | jgraph_drawio | >= unspecified < 18.0.6 | 18.0.6 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| cisa | | 9.8 | CRITICAL | |
GHSA
GHSA-vh6p-p447-hrrr: Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18
ghsa_unreviewed · 2022-05-18 · CVE-2022-1723 [HIGH] · CWE-918
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
CISA
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
cisa · 2022-03-03 · CVSS 9.8 · CVE-2012-1723 [CRITICAL]
Vulnerability: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
Affected: Oracle Java SE
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2012-1723
Remediation Due Date: 2022-03-24
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-05-17