CVE-2022-1727

Source
https://cve.org/CVERecord?id=CVE-2022-1727
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1727.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1727
Published
2022-05-18T10:25:12Z
Modified
2026-04-12T09:22:11.752487Z
Severity
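  • 8.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L (network attack vector, low attack complexity, no privileges required, user interaction required, scope unchanged; high confidentiality and integrity impact, low availability impact)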
Summary
Improper Input Validation in jgraph/drawio
Details

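Improper input validation (CWE-20) in the GitHub repository jgraph/drawio, in versions prior to 18.0.6. The record gives no further detail about the flaw. The Vanir signatures below cite commit 7a68ebe22a64fe722704e9c4527791209fee2034 as their source and target ProxyServlet.java (including doGet), EmbedServlet2.java (createEmbedJavaScript) and Utils.java under src/main/java/com/mxgraph/online/, which suggests where the affected code sits.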

Database specific
{
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-20"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1727.json"
}
References

Affected packages

Git / github.com/jgraph/drawio

Affected ranges

Type
GIT
Repo
https://github.com/jgraph/drawio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v11.*
v11.1.5
v11.2.0
v11.2.1
v11.2.2
v11.2.4
v11.2.5
v11.2.6
v11.2.7
v11.2.8
v11.2.9
v11.3.0
v11.3.1
v11.3.2
v12.*
v12.0.0
v12.1.0
v12.1.1
v12.1.2
v12.1.3
v12.1.4
v12.1.5
v12.1.6
v12.1.7
v12.1.8
v12.1.9
v12.2.0
v12.2.1
v12.2.2
v12.2.3
v12.2.4
v12.2.7
v12.2.8
v12.2.9
v12.3.0
v12.3.1
v12.3.2
v12.3.3
v12.3.4
v12.3.5
v12.3.6
v12.3.7
v12.3.9
v12.4.0
v12.4.1
v12.4.2
v12.4.3
v12.4.4
v12.4.5
v12.4.6
v12.4.7
v12.4.8
v12.5.0
v12.5.1
v12.5.2
v12.5.3
v12.5.4
v12.5.5
v12.5.7
v12.5.8
v12.6.1
v12.6.3
v12.6.4
v12.6.5
v12.6.7
v12.6.8
v12.7.0
v12.7.1
v12.7.2
v12.7.3
v12.7.4
v12.7.8
v12.7.9
v12.8.0
v12.8.1
v12.8.2
v12.8.3
v12.8.5
v12.8.6
v12.9.1
v12.9.10
v12.9.11
v12.9.12
v12.9.13
v12.9.14
v12.9.2
v12.9.3
v12.9.4
v12.9.5
v12.9.6
v12.9.7
v12.9.8
v12.9.9
v13.*
v13.0.0
v13.0.1
v13.0.2
v13.0.3
v13.0.4
v13.0.6
v13.0.7
v13.0.8
v13.0.9
v13.1.1
v13.1.13
v13.1.14
v13.1.2
v13.1.3
v13.1.4
v13.1.7
v13.1.8
v13.1.9
v13.10.0
v13.10.1
v13.10.2
v13.10.4
v13.10.5
v13.10.6
v13.10.9
v13.11.0
v13.2.0
v13.2.1
v13.2.2
v13.2.3
v13.2.4
v13.2.5
v13.3.0
v13.3.1
v13.3.3
v13.3.4
v13.3.5
v13.3.6
v13.3.7
v13.3.8
v13.3.9
v13.4.0
v13.4.1
v13.4.2
v13.4.3
v13.4.4
v13.4.5
v13.4.6
v13.4.7
v13.4.8
v13.4.9
v13.5.0
v13.5.1
v13.5.2
v13.5.3
v13.5.4
v13.5.5
v13.5.6
v13.5.7
v13.5.8
v13.5.9
v13.6.0
v13.6.1
v13.6.10
v13.6.2
v13.6.3
v13.6.4
v13.6.5
v13.6.6
v13.6.7
v13.6.8
v13.6.9
v13.7.0
v13.7.2
v13.7.3
v13.7.4
v13.7.5
v13.7.6
v13.7.7
v13.7.8
v13.7.9
v13.8.0
v13.8.1
v13.8.2
v13.8.3
v13.8.5
v13.8.6
v13.8.7
v13.8.8
v13.8.9
v13.9.0
v13.9.1
v13.9.4
v13.9.5
v13.9.7
v13.9.8
v13.9.9
v14.*
v14.0.0
v14.0.1
v14.0.2
v14.0.3
v14.0.4
v14.1.0
v14.1.1
v14.1.2
v14.1.3
v14.1.4
v14.1.5
v14.1.7
v14.1.8
v14.1.9
v14.2.2
v14.2.3
v14.2.4
v14.2.5
v14.2.6
v14.2.7
v14.2.8
v14.2.9
v14.3.0
v14.3.1
v14.3.2
v14.4.0
v14.4.2
v14.4.3
v14.4.4
v14.4.5
v14.4.6
v14.4.7
v14.4.8
v14.4.9
v14.5.0
v14.5.1
v14.5.2
v14.5.4
v14.5.5
v14.5.6
v14.5.7
v14.5.9
v14.6.0
v14.6.10
v14.6.13
v14.6.2
v14.6.5
v14.6.6
v14.6.8
v14.6.9
v14.7.0
v14.7.1
v14.7.10
v14.7.2
v14.7.3
v14.7.4
v14.7.5
v14.7.6
v14.7.7
v14.7.8
v14.7.9
v14.8.0
v14.8.2
v14.8.3
v14.8.4
v14.8.5
v14.8.6
v14.9.0
v14.9.1
v14.9.2
v14.9.3
v14.9.4
v14.9.5
v14.9.6
v14.9.7
v14.9.9
v15.*
v15.0.0
v15.0.1
v15.0.2
v15.0.3
v15.0.4
v15.0.5
v15.0.6
v15.1.0
v15.1.1
v15.1.2
v15.1.3
v15.1.4
v15.2.0
v15.2.1
v15.2.2
v15.2.5
v15.2.6
v15.2.7
v15.2.9
v15.3.0
v15.3.1
v15.3.2
v15.3.3
v15.3.4
v15.3.5
v15.3.6
v15.3.7
v15.3.8
v15.4.0
v15.4.1
v15.4.2
v15.4.3
v15.5.0
v15.5.1
v15.5.2
v15.5.4
v15.5.5
v15.5.7
v15.5.8
v15.5.9
v15.6.0
v15.6.1
v15.6.2
v15.6.3
v15.6.4
v15.6.5
v15.6.6
v15.6.8
v15.7.0
v15.7.1
v15.7.2
v15.7.3
v15.7.4
v15.8.0
v15.8.1
v15.8.3
v15.8.4
v15.8.5
v15.8.6
v15.8.7
v15.8.8
v15.8.9
v15.9.1
v15.9.3
v15.9.4
v15.9.5
v15.9.6
v16.*
v16.0.0
v16.0.2
v16.0.3
v16.1.0
v16.1.2
v16.1.3
v16.1.4
v16.2.1
v16.2.2
v16.2.3
v16.2.4
v16.2.6
v16.2.7
v16.3.0
v16.4.0
v16.4.11
v16.4.3
v16.4.5
v16.4.7
v16.4.8
v16.5.1
v16.5.2
v16.5.3
v16.5.4
v16.5.6
v16.6.0
v16.6.1
v16.6.2
v16.6.3
v16.6.4
v16.6.5
v16.6.6
v16.6.7
v16.6.8
v17.*
v17.0.0
v17.1.0
v17.1.1
v17.1.2
v17.1.3
v17.1.4
v17.1.5
v17.2.1
v17.2.2
v17.2.3
v17.2.4
v17.2.5
v17.3.0
v17.4.0
v17.4.1
v17.4.2
v17.4.3
v17.5.1
v18.*
v18.0.0
v18.0.1
v18.0.2
v18.0.3
v18.0.4
v18.0.5

Database specific

vanir_signatures
[
    {
        "id": "CVE-2022-1727-0c755f28",
        "signature_version": "v1",
        "source": "https://github.com/jgraph/drawio/commit/7a68ebe22a64fe722704e9c4527791209fee2034",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/mxgraph/online/ProxyServlet.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "164155823941122811094206771109182857156",
                "160245533420630306738574130833110962116",
                "69537947226551834764849017207855885304",
                "256138604713525548233859977297912413006",
                "261592975307050661345000838845017390020",
                "160649243384328167964986901394892749337",
                "265035229583910093886205732353666023363",
                "97062798482907890118121703032367685220",
                "309787166511801691393727171432354311978",
                "29966799198208054064111240605085231578",
                "77148685567998068339191760980790025489",
                "96833048858522631637303464144216997796",
                "326021522153828071290735822908408265198",
                "173984242761915017864013463251696487560",
                "7077295916910783279927582934244477390",
                "57296694253388220070661863787744675413",
                "136259726501917211777681163015388886953",
                "11003448139235649482610613310846732311",
                "336304217963182856223863799499394797274",
                "30332039101023304224056603058444569380",
                "233655938932811998966679757240175566971",
                "303854268073467366786750224261515890931",
                "198206493885392075088385474975895137689",
                "102644286750607194763122560714049441361",
                "115385697184160537077059955801219630316",
                "202736063595184188205335787972583193062",
                "284884027592292738296825309661191285306",
                "160363404909952055706312752580621663826",
                "40476685730975843371065815345167508907",
                "298858127178227798993449599869642660093",
                "337206035943752135576863116377705752749",
                "86040464160842229292572306902721907048",
                "314407095552115460216069433762297564549",
                "286990117545344243044723900401037855821",
                "141142719025590306306861712860538540807",
                "291694686803915307371944680918345139881",
                "220361610363521844264175547859921160531",
                "151150785773846794353123437149140923476",
                "256907329685055296262392615869365654928",
                "302653323330036251404502006547641889315",
                "339813008784272125622725954150511727287",
                "291249668454773756444297454685964477627",
                "123347922536996524054602747117810201018",
                "201017225777517058754503072801214966566",
                "257154514531125953515623984148629544429",
                "224541562069207046483428491485845991295",
                "269173054973854174006734530253760407762",
                "105698365468799058616979564114073776039",
                "22582915566064427196586184366542285660",
                "96564587493499337530549399215292961106",
                "170350026867361332390902886188251660187",
                "163196146075082133289968433481822127035",
                "320198762233207870809554170545882608022",
                "275843038853264120213702041065157455923",
                "61925296753831523880039389891853963333",
                "319560539808195680466630226056240530983",
                "96994857772813162760428750149043420611",
                "191412961107437614749968143561852546873",
                "73027706264393145164868602638837464148",
                "16443198381314653050418241569722234836",
                "229611626092962963990444451975600517466",
                "24092105528038434399722024076327272691",
                "29658176316503478691749580117014027119",
                "291289631778490781097480299717931643655",
                "239436057119325947728146148018967655899",
                "189537775409323468863744292565699794737",
                "116136237777338686928879407449425903630",
                "205908048318136602793515778745749584901",
                "3833489447582922933515943945682569469",
                "46663338904461027072266435916317567976",
                "267112620663868498096351728086508784683",
                "319892909989994938184130715676254879520",
                "70688350822016584305501734175344091000",
                "333074141710635353878506192750459148821",
                "8797560133126571071926280780137747383",
                "9476403789332508322309529007711544206",
                "319892909989994938184130715676254879520",
                "53602006965131313275948757485882188140",
                "124696668138895091983265742346440679896",
                "86704469066385759685475713599255917922"
            ]
        },
        "deprecated": false
    },
    {
        "id": "CVE-2022-1727-37ea606e",
        "signature_version": "v1",
        "source": "https://github.com/jgraph/drawio/commit/7a68ebe22a64fe722704e9c4527791209fee2034",
        "signature_type": "Function",
        "target": {
            "file": "src/main/java/com/mxgraph/online/ProxyServlet.java",
            "function": "doGet"
        },
        "digest": {
            "function_hash": "141910437561537392357251497548541515732",
            "length": 3143.0
        },
        "deprecated": false
    },
    {
        "id": "CVE-2022-1727-5aafc2b1",
        "signature_version": "v1",
        "source": "https://github.com/jgraph/drawio/commit/7a68ebe22a64fe722704e9c4527791209fee2034",
        "signature_type": "Function",
        "target": {
            "file": "src/main/java/com/mxgraph/online/EmbedServlet2.java",
            "function": "createEmbedJavaScript"
        },
        "digest": {
            "function_hash": "70734982879289325195397943003026944976",
            "length": 2980.0
        },
        "deprecated": false
    },
    {
        "id": "CVE-2022-1727-7922b1aa",
        "signature_version": "v1",
        "source": "https://github.com/jgraph/drawio/commit/7a68ebe22a64fe722704e9c4527791209fee2034",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/mxgraph/online/EmbedServlet2.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "254901894573392985582815124475057490047",
                "301922167397901805653990100216462167147",
                "304899232228681989608537594468147398261",
                "140457640227654241827563381296250487990"
            ]
        },
        "deprecated": false
    },
    {
        "id": "CVE-2022-1727-8cffbb40",
        "signature_version": "v1",
        "source": "https://github.com/jgraph/drawio/commit/7a68ebe22a64fe722704e9c4527791209fee2034",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/mxgraph/online/Utils.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "317159762213973568379739420242861351150",
                "314418024365988260533013107304308908102",
                "245037510416052164030539075216835323001",
                "257647301532277619012957194131952782064",
                "168624672651464988635778110615366986027",
                "319892909989994938184130715676254879520",
                "335391923332883398951730313256478179123"
            ]
        },
        "deprecated": false
    }
]
vanir_signatures_modified
"2026-04-12T09:22:11Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1727.json"