draw.io Vulnerability List
Found 2 vulnerabilities related to draw.io
- CVE-2022-1711: draw.io < 18.0.5 - Server Side Request Forgery (SSRF) POC
Server-Side Request Forgery (SSRF) vulnerability in draw.io (also known as diagrams.net) prior to version 18.0.5 allows attackers to bypass URL validation restrictions in the ProxyServlet component. The vulnerability exists because the application does not properly validate URLs passed to its proxy endpoint, allowing attackers to make requests to internal services or external servers. This can lead to unauthorized access to internal resources and potential data exfiltration.
- CVE-2022-1711: draw.io < 18.0.5 - Server Side Request Forgery (SSRF) POC
Server-Side Request Forgery (SSRF) vulnerability in draw.io (also known as diagrams.net) prior to version 18.0.5 allows attackers to bypass URL validation restrictions in the ProxyServlet component. The vulnerability exists because the application does not properly validate URLs passed to its proxy endpoint, allowing attackers to make requests to internal services or external servers. This can lead to unauthorized access to internal resources and potential data exfiltration.