CVE-2022-1713

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-1713

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1713.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-1713

Published

2022-05-16T14:31:52Z

Modified

2026-04-10T04:42:50.621258Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

SSRF on /proxy in jgraph/drawio

Details

SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.

Database specific

{
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-918"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1713.json"
}

References

Affected packages

Git / github.com/jgraph/drawio

Affected ranges

Type: GIT
Repo: https://github.com/jgraph/drawio
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4deecee18191f67e242422abf3ca304e19e49687

Affected versions

v11.*

v11.1.5

v11.2.0

v11.2.1

v11.2.2

v11.2.4

v11.2.5

v11.2.6

v11.2.7

v11.2.8

v11.2.9

v11.3.0

v11.3.1

v11.3.2

v12.*

v12.0.0

v12.1.0

v12.1.1

v12.1.2

v12.1.3

v12.1.4

v12.1.5

v12.1.6

v12.1.7

v12.1.8

v12.1.9

v12.2.0

v12.2.1

v12.2.2

v12.2.3

v12.2.4

v12.2.7

v12.2.8

v12.2.9

v12.3.0

v12.3.1

v12.3.2

v12.3.3

v12.3.4

v12.3.5

v12.3.6

v12.3.7

v12.3.9

v12.4.0

v12.4.1

v12.4.2

v12.4.3

v12.4.4

v12.4.5

v12.4.6

v12.4.7

v12.4.8

v12.5.0

v12.5.1

v12.5.2

v12.5.3

v12.5.4

v12.5.5

v12.5.7

v12.5.8

v12.6.1

v12.6.3

v12.6.4

v12.6.5

v12.6.7

v12.6.8

v12.7.0

v12.7.1

v12.7.2

v12.7.3

v12.7.4

v12.7.8

v12.7.9

v12.8.0

v12.8.1

v12.8.2

v12.8.3

v12.8.5

v12.8.6

v12.9.1

v12.9.10

v12.9.11

v12.9.12

v12.9.13

v12.9.14

v12.9.2

v12.9.3

v12.9.4

v12.9.5

v12.9.6

v12.9.7

v12.9.8

v12.9.9

v13.*

v13.0.0

v13.0.1

v13.0.2

v13.0.3

v13.0.4

v13.0.6

v13.0.7

v13.0.8

v13.0.9

v13.1.1

v13.1.13

v13.1.14

v13.1.2

v13.1.3

v13.1.4

v13.1.7

v13.1.8

v13.1.9

v13.10.0

v13.10.1

v13.10.2

v13.10.4

v13.10.5

v13.10.6

v13.10.9

v13.11.0

v13.2.0

v13.2.1

v13.2.2

v13.2.3

v13.2.4

v13.2.5

v13.3.0

v13.3.1

v13.3.3

v13.3.4

v13.3.5

v13.3.6

v13.3.7

v13.3.8

v13.3.9

v13.4.0

v13.4.1

v13.4.2

v13.4.3

v13.4.4

v13.4.5

v13.4.6

v13.4.7

v13.4.8

v13.4.9

v13.5.0

v13.5.1

v13.5.2

v13.5.3

v13.5.4

v13.5.5

v13.5.6

v13.5.7

v13.5.8

v13.5.9

v13.6.0

v13.6.1

v13.6.10

v13.6.2

v13.6.3

v13.6.4

v13.6.5

v13.6.6

v13.6.7

v13.6.8

v13.6.9

v13.7.0

v13.7.2

v13.7.3

v13.7.4

v13.7.5

v13.7.6

v13.7.7

v13.7.8

v13.7.9

v13.8.0

v13.8.1

v13.8.2

v13.8.3

v13.8.5

v13.8.6

v13.8.7

v13.8.8

v13.8.9

v13.9.0

v13.9.1

v13.9.4

v13.9.5

v13.9.7

v13.9.8

v13.9.9

v14.*

v14.0.0

v14.0.1

v14.0.2

v14.0.3

v14.0.4

v14.1.0

v14.1.1

v14.1.2

v14.1.3

v14.1.4

v14.1.5

v14.1.7

v14.1.8

v14.1.9

v14.2.2

v14.2.3

v14.2.4

v14.2.5

v14.2.6

v14.2.7

v14.2.8

v14.2.9

v14.3.0

v14.3.1

v14.3.2

v14.4.0

v14.4.2

v14.4.3

v14.4.4

v14.4.5

v14.4.6

v14.4.7

v14.4.8

v14.4.9

v14.5.0

v14.5.1

v14.5.2

v14.5.4

v14.5.5

v14.5.6

v14.5.7

v14.5.9

v14.6.0

v14.6.10

v14.6.13

v14.6.2

v14.6.5

v14.6.6

v14.6.8

v14.6.9

v14.7.0

v14.7.1

v14.7.10

v14.7.2

v14.7.3

v14.7.4

v14.7.5

v14.7.6

v14.7.7

v14.7.8

v14.7.9

v14.8.0

v14.8.2

v14.8.3

v14.8.4

v14.8.5

v14.8.6

v14.9.0

v14.9.1

v14.9.2

v14.9.3

v14.9.4

v14.9.5

v14.9.6

v14.9.7

v14.9.9

v15.*

v15.0.0

v15.0.1

v15.0.2

v15.0.3

v15.0.4

v15.0.5

v15.0.6

v15.1.0

v15.1.1

v15.1.2

v15.1.3

v15.1.4

v15.2.0

v15.2.1

v15.2.2

v15.2.5

v15.2.6

v15.2.7

v15.2.9

v15.3.0

v15.3.1

v15.3.2

v15.3.3

v15.3.4

v15.3.5

v15.3.6

v15.3.7

v15.3.8

v15.4.0

v15.4.1

v15.4.2

v15.4.3

v15.5.0

v15.5.1

v15.5.2

v15.5.4

v15.5.5

v15.5.7

v15.5.8

v15.5.9

v15.6.0

v15.6.1

v15.6.2

v15.6.3

v15.6.4

v15.6.5

v15.6.6

v15.6.8

v15.7.0

v15.7.1

v15.7.2

v15.7.3

v15.7.4

v15.8.0

v15.8.1

v15.8.3

v15.8.4

v15.8.5

v15.8.6

v15.8.7

v15.8.8

v15.8.9

v15.9.1

v15.9.3

v15.9.4

v15.9.5

v15.9.6

v16.*

v16.0.0

v16.0.2

v16.0.3

v16.1.0

v16.1.2

v16.1.3

v16.1.4

v16.2.1

v16.2.2

v16.2.3

v16.2.4

v16.2.6

v16.2.7

v16.3.0

v16.4.0

v16.4.11

v16.4.3

v16.4.5

v16.4.7

v16.4.8

v16.5.1

v16.5.2

v16.5.3

v16.5.4

v16.5.6

v16.6.0

v16.6.1

v16.6.2

v16.6.3

v16.6.4

v16.6.5

v16.6.6

v16.6.7

v16.6.8

v17.*

v17.0.0

v17.1.0

v17.1.1

v17.1.2

v17.1.3

v17.1.4

v17.1.5

v17.2.1

v17.2.2

v17.2.3

v17.2.4

v17.2.5

v17.3.0

v17.4.0

v17.4.1

v17.4.2

v17.4.3

v17.5.1

v18.*

v18.0.0

v18.0.1

v18.0.2

v18.0.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1713.json"