CVE-2022-1713

Summary

SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.

Affected Software

VendorProductVersion RangeStatus
jgraphjgraph/drawiounspecified < 18.0.4affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

References