Open mend-for-github-com[bot] opened 2 years ago
Cybersecurity Evaluation Tool
Library home page: https://github.com/cisagov/cset.git
Found in base branch: master
/CSETWebApi/CSETWeb_Api/CSETWeb_Api/Diagram/src/main/java/com/mxgraph/online/EmbedServlet2.java
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
Publish Date: 2022-05-17
URL: CVE-2022-1723
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
Type: Upgrade version
Origin: https://huntr.dev/bounties/619851a4-2a08-4196-80e9-ab41953491d8/
Release Date: 2022-05-17
Fix Resolution: v18.0.6
CVE-2022-1723 - High Severity Vulnerability
Cybersecurity Evaluation Tool
Library home page: https://github.com/cisagov/cset.git
Found in base branch: master
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
Publish Date: 2022-05-17
URL: CVE-2022-1723
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://huntr.dev/bounties/619851a4-2a08-4196-80e9-ab41953491d8/
Release Date: 2022-05-17
Fix Resolution: v18.0.6