Drawio Vulnerability List
Found 5 vulnerabilities related to Drawio
CVE-2022-1713: Drawio <18.0.4 - Server-Side Request Forgery POC
Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
CVE-2022-1815: Drawio <18.1.2 - Server-Side Request Forgery POC
Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
CVE-2022-1713: Drawio <18.0.4 - Server-Side Request Forgery POC
Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
CVE-2022-1815: Drawio <18.1.2 - Server-Side Request Forgery POC
Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
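drawio SSRF (CVE-2022-1713) No POC
SSRF on /proxy in the GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make requests as the server and read their contents. This can lead to a leak of sensitive information.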