CVE-2022-1575

Summary

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.

Affected Software

VendorProductVersion RangeStatus
jgraphjgraph/drawiounspecified < 18.0.0affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code

ADP Enrichment

CVE Program Container

Additional References

References