CVE-2022-1379

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1379
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1379.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1379
Related
Published
2022-05-14T10:15:07Z
Modified
2025-07-02T00:16:08.146930Z
Downstream
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.

References

Affected packages

Git / github.com/plantuml/plantuml

Affected ranges

Type
GIT
Repo
https://github.com/plantuml/plantuml
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
93e5964e5f35914f3f7b89de620c596795550083

Affected versions

v1.*

v1.2017.12
v1.2017.13
v1.2017.14
v1.2017.15
v1.2017.17
v1.2017.18
v1.2017.19
v1.2017.20
v1.2018.0
v1.2018.1
v1.2018.10
v1.2018.11
v1.2018.12
v1.2018.13
v1.2018.14
v1.2018.2
v1.2018.3
v1.2018.4
v1.2018.5
v1.2018.6
v1.2018.7
v1.2018.8
v1.2018.9
v1.2019.0
v1.2019.1
v1.2019.10
v1.2019.11
v1.2019.12
v1.2019.13
v1.2019.2
v1.2019.4
v1.2019.5
v1.2019.6
v1.2019.7
v1.2019.8
v1.2019.9
v1.2020.0
v1.2020.1
v1.2020.10
v1.2020.11
v1.2020.12
v1.2020.13
v1.2020.14
v1.2020.15
v1.2020.16
v1.2020.17
v1.2020.18
v1.2020.19
v1.2020.2
v1.2020.20
v1.2020.21
v1.2020.22
v1.2020.23
v1.2020.24
v1.2020.26
v1.2020.3
v1.2020.4
v1.2020.6
v1.2020.7
v1.2020.8
v1.2020.9
v1.2021.0
v1.2021.1
v1.2021.10
v1.2021.12
v1.2021.13
v1.2021.14
v1.2021.15
v1.2021.16
v1.2021.2
v1.2021.3
v1.2021.4
v1.2021.5
v1.2021.6
v1.2021.7
v1.2021.8
v1.2021.9
v1.2022.0
v1.2022.1
v1.2022.2
v1.2022.3
v1.2022.4

v2017.*

v2017.08
v2017.09
v2017.11

Other

v8059