
Jgraph Drawio vulnerabilities

26 known vulnerabilities affecting jgraph/jgraph_drawio.

Total CVEs: 26
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 11, MEDIUM 11, LOW 1

Vulnerabilities

Page 1 of 2
CVE-2022-1713 [HIGH, P3] CVSS 7.5, public PoC, affected versions < 18.0.4 (lower bound unspecified), 2022-05-16
CWE-918: SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
Source: nvd
CVE-2022-1815 [HIGH, P3] CVSS 7.5, public PoC, affected versions < 18.1.2 (lower bound unspecified), 2022-05-25
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.
Source: nvd
CVE-2022-1711 [HIGH, P3] CVSS 7.5, public PoC, affected versions < 18.0.5 (lower bound unspecified), 2022-05-17
CWE-918: Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
Source: nvd
CVE-2023-3975 [CRITICAL, P3] CVSS 9.8, affected versions < 21.5.0 (lower bound unspecified), 2023-07-27
CWE-78: OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0.
Source: nvd
CVE-2023-3974 [CRITICAL, P3] CVSS 9.8, affected versions < 21.4.0 (lower bound unspecified), 2023-07-27
CWE-78: OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0.
Source: nvd
CVE-2022-1575 [CRITICAL, P3] CVSS 9.6, affected versions < 18.0.0 (lower bound unspecified), 2022-05-05
CWE-94: Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0.
- Arbitrary (remote) code execution in the desktop app.
- Stored XSS in the web app.
Source: nvd
CVE-2022-1727 [HIGH, P3] CVSS 8.8, affected versions < 18.0.6 (lower bound unspecified), 2022-05-18
CWE-20: Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.
Source: nvd
CVE-2022-1721 [HIGH, P3] CVSS 7.5, affected versions < 18.0.5 (lower bound unspecified), 2022-05-16
CWE-22: Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
Source: nvd
CVE-2022-1767 [HIGH, P3] CVSS 7.5, affected versions < 18.0.7 (lower bound unspecified), 2022-05-18
CWE-918: Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.
Source: nvd
CVE-2022-1784 [HIGH, P3] CVSS 7.5, affected versions < 18.0.8 (lower bound unspecified), 2022-05-20
CWE-918: Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
Source: nvd
CVE-2022-3133 [HIGH, P3] CVSS 7.8, affected versions < 20.3.0 (lower bound unspecified), 2022-09-09
CWE-78: OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0.
Source: nvd
CVE-2022-1723 [HIGH, P3] CVSS 7.5, affected versions < 18.0.6 (lower bound unspecified), 2022-05-17
CWE-918: Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
Source: nvd
CVE-2022-3065 [HIGH, P3] CVSS 7.5, affected versions < 20.2.8 (lower bound unspecified), 2022-09-02
CWE-284: Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.
Source: nvd
CVE-2023-3398 [HIGH, P4] CVSS 7.5, affected versions < 18.1.3 (lower bound unspecified), 2023-06-26
CWE-400: Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.
Source: nvd
CVE-2022-1774 [MEDIUM, P4] CVSS 6.1, affected versions < 18.0.7 (lower bound unspecified), 2022-05-18
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.
Source: nvd
CVE-2022-2014 [MEDIUM, P4] CVSS 5.4, affected versions < 19.0.2 (lower bound unspecified), 2022-06-09
CWE-94: Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.
Source: nvd
CVE-2023-3026 [MEDIUM, P4] CVSS 6.1, affected versions < 21.2.8 (lower bound unspecified), 2023-06-01
CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8.
Source: nvd
CVE-2022-3873 [MEDIUM, P4] CVSS 6.1, affected versions < 20.5.2 (lower bound unspecified), 2022-11-07
CWE-79: Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.
Source: nvd
CVE-2022-3223 [MEDIUM, P4] CVSS 6.1, affected versions < 20.3.1 (lower bound unspecified), 2022-09-16
CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.
Source: nvd
CVE-2022-3138 [MEDIUM, P4] CVSS 6.1, affected versions < 20.3.0 (lower bound unspecified), 2022-09-08
CWE-79: Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
Source: nvd