CVE-2022-1727

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1727
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1727.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1727
Published
2022-05-18T10:25:12Z
Modified
2025-12-04T10:04:28.778440Z
Severity
  • 8.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Summary
Improper Input Validation in jgraph/drawio
Details

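Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. The advisory text gives no further detail. The entries under "vanir_signatures" below were generated from commit 7a68ebe22a64fe722704e9c4527791209fee2034 and target ProxyServlet.java (function doGet), EmbedServlet2.java (function createEmbedJavaScript) and Utils.java under src/main/java/com/mxgraph/online/, so those files are the place to check when verifying whether a deployment carries the fix.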

Database specific
{
    "cwe_ids": [
        "CWE-20"
    ],
    "cna_assigner": "@huntrdev",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1727.json"
}
References

Affected packages

Git / github.com/jgraph/drawio

Affected ranges

Type
GIT
Repo
https://github.com/jgraph/drawio
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/jgraph/drawio/commit/7a68ebe22a64fe722704e9c4527791209fee2034",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/mxgraph/online/ProxyServlet.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2022-1727-0c755f28",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "164155823941122811094206771109182857156",
                "160245533420630306738574130833110962116",
                "69537947226551834764849017207855885304",
                "256138604713525548233859977297912413006",
                "261592975307050661345000838845017390020",
                "160649243384328167964986901394892749337",
                "265035229583910093886205732353666023363",
                "97062798482907890118121703032367685220",
                "309787166511801691393727171432354311978",
                "29966799198208054064111240605085231578",
                "77148685567998068339191760980790025489",
                "96833048858522631637303464144216997796",
                "326021522153828071290735822908408265198",
                "173984242761915017864013463251696487560",
                "7077295916910783279927582934244477390",
                "57296694253388220070661863787744675413",
                "136259726501917211777681163015388886953",
                "11003448139235649482610613310846732311",
                "336304217963182856223863799499394797274",
                "30332039101023304224056603058444569380",
                "233655938932811998966679757240175566971",
                "303854268073467366786750224261515890931",
                "198206493885392075088385474975895137689",
                "102644286750607194763122560714049441361",
                "115385697184160537077059955801219630316",
                "202736063595184188205335787972583193062",
                "284884027592292738296825309661191285306",
                "160363404909952055706312752580621663826",
                "40476685730975843371065815345167508907",
                "298858127178227798993449599869642660093",
                "337206035943752135576863116377705752749",
                "86040464160842229292572306902721907048",
                "314407095552115460216069433762297564549",
                "286990117545344243044723900401037855821",
                "141142719025590306306861712860538540807",
                "291694686803915307371944680918345139881",
                "220361610363521844264175547859921160531",
                "151150785773846794353123437149140923476",
                "256907329685055296262392615869365654928",
                "302653323330036251404502006547641889315",
                "339813008784272125622725954150511727287",
                "291249668454773756444297454685964477627",
                "123347922536996524054602747117810201018",
                "201017225777517058754503072801214966566",
                "257154514531125953515623984148629544429",
                "224541562069207046483428491485845991295",
                "269173054973854174006734530253760407762",
                "105698365468799058616979564114073776039",
                "22582915566064427196586184366542285660",
                "96564587493499337530549399215292961106",
                "170350026867361332390902886188251660187",
                "163196146075082133289968433481822127035",
                "320198762233207870809554170545882608022",
                "275843038853264120213702041065157455923",
                "61925296753831523880039389891853963333",
                "319560539808195680466630226056240530983",
                "96994857772813162760428750149043420611",
                "191412961107437614749968143561852546873",
                "73027706264393145164868602638837464148",
                "16443198381314653050418241569722234836",
                "229611626092962963990444451975600517466",
                "24092105528038434399722024076327272691",
                "29658176316503478691749580117014027119",
                "291289631778490781097480299717931643655",
                "239436057119325947728146148018967655899",
                "189537775409323468863744292565699794737",
                "116136237777338686928879407449425903630",
                "205908048318136602793515778745749584901",
                "3833489447582922933515943945682569469",
                "46663338904461027072266435916317567976",
                "267112620663868498096351728086508784683",
                "319892909989994938184130715676254879520",
                "70688350822016584305501734175344091000",
                "333074141710635353878506192750459148821",
                "8797560133126571071926280780137747383",
                "9476403789332508322309529007711544206",
                "319892909989994938184130715676254879520",
                "53602006965131313275948757485882188140",
                "124696668138895091983265742346440679896",
                "86704469066385759685475713599255917922"
            ]
        }
    },
    {
        "source": "https://github.com/jgraph/drawio/commit/7a68ebe22a64fe722704e9c4527791209fee2034",
        "signature_type": "Function",
        "target": {
            "function": "doGet",
            "file": "src/main/java/com/mxgraph/online/ProxyServlet.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2022-1727-37ea606e",
        "digest": {
            "length": 3143.0,
            "function_hash": "141910437561537392357251497548541515732"
        }
    },
    {
        "source": "https://github.com/jgraph/drawio/commit/7a68ebe22a64fe722704e9c4527791209fee2034",
        "signature_type": "Function",
        "target": {
            "function": "createEmbedJavaScript",
            "file": "src/main/java/com/mxgraph/online/EmbedServlet2.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2022-1727-5aafc2b1",
        "digest": {
            "length": 2980.0,
            "function_hash": "70734982879289325195397943003026944976"
        }
    },
    {
        "source": "https://github.com/jgraph/drawio/commit/7a68ebe22a64fe722704e9c4527791209fee2034",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/mxgraph/online/EmbedServlet2.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2022-1727-7922b1aa",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "254901894573392985582815124475057490047",
                "301922167397901805653990100216462167147",
                "304899232228681989608537594468147398261",
                "140457640227654241827563381296250487990"
            ]
        }
    },
    {
        "source": "https://github.com/jgraph/drawio/commit/7a68ebe22a64fe722704e9c4527791209fee2034",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/mxgraph/online/Utils.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2022-1727-8cffbb40",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "317159762213973568379739420242861351150",
                "314418024365988260533013107304308908102",
                "245037510416052164030539075216835323001",
                "257647301532277619012957194131952782064",
                "168624672651464988635778110615366986027",
                "319892909989994938184130715676254879520",
                "335391923332883398951730313256478179123"
            ]
        }
    }
]