CVE-2022-1784

Source
https://cve.org/CVERecord?id=CVE-2022-1784
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1784.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1784
Published
2022-05-20T12:15:11Z
Modified
2026-04-12T09:22:13.408296Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Server-Side Request Forgery (SSRF) in jgraph/drawio
Details

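Server-Side Request Forgery (SSRF, CWE-918) in the GitHub repository jgraph/drawio, affecting versions prior to 18.0.8. The CVSS vector on this record rates the issue as reachable over the network with no privileges or user interaction required, with high confidentiality impact and no integrity or availability impact. The signatures attached to this record are derived from commit 7764b250b3fa58b249542f4ff9a1ddc1362cf88c and target the server-side files ExportProxyServlet.java and EmbedServlet2.java, which suggests the exposure is in deployments that run these servlets. Remediation is to upgrade to 18.0.8 or later.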

Database specific
{
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-918"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1784.json"
}
References

Affected packages

Git / github.com/jgraph/drawio

Affected ranges

Type
GIT
Repo
https://github.com/jgraph/drawio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v11.*
v11.1.5
v11.2.0
v11.2.1
v11.2.2
v11.2.4
v11.2.5
v11.2.6
v11.2.7
v11.2.8
v11.2.9
v11.3.0
v11.3.1
v11.3.2
v12.*
v12.0.0
v12.1.0
v12.1.1
v12.1.2
v12.1.3
v12.1.4
v12.1.5
v12.1.6
v12.1.7
v12.1.8
v12.1.9
v12.2.0
v12.2.1
v12.2.2
v12.2.3
v12.2.4
v12.2.7
v12.2.8
v12.2.9
v12.3.0
v12.3.1
v12.3.2
v12.3.3
v12.3.4
v12.3.5
v12.3.6
v12.3.7
v12.3.9
v12.4.0
v12.4.1
v12.4.2
v12.4.3
v12.4.4
v12.4.5
v12.4.6
v12.4.7
v12.4.8
v12.5.0
v12.5.1
v12.5.2
v12.5.3
v12.5.4
v12.5.5
v12.5.7
v12.5.8
v12.6.1
v12.6.3
v12.6.4
v12.6.5
v12.6.7
v12.6.8
v12.7.0
v12.7.1
v12.7.2
v12.7.3
v12.7.4
v12.7.8
v12.7.9
v12.8.0
v12.8.1
v12.8.2
v12.8.3
v12.8.5
v12.8.6
v12.9.1
v12.9.10
v12.9.11
v12.9.12
v12.9.13
v12.9.14
v12.9.2
v12.9.3
v12.9.4
v12.9.5
v12.9.6
v12.9.7
v12.9.8
v12.9.9
v13.*
v13.0.0
v13.0.1
v13.0.2
v13.0.3
v13.0.4
v13.0.6
v13.0.7
v13.0.8
v13.0.9
v13.1.1
v13.1.13
v13.1.14
v13.1.2
v13.1.3
v13.1.4
v13.1.7
v13.1.8
v13.1.9
v13.10.0
v13.10.1
v13.10.2
v13.10.4
v13.10.5
v13.10.6
v13.10.9
v13.11.0
v13.2.0
v13.2.1
v13.2.2
v13.2.3
v13.2.4
v13.2.5
v13.3.0
v13.3.1
v13.3.3
v13.3.4
v13.3.5
v13.3.6
v13.3.7
v13.3.8
v13.3.9
v13.4.0
v13.4.1
v13.4.2
v13.4.3
v13.4.4
v13.4.5
v13.4.6
v13.4.7
v13.4.8
v13.4.9
v13.5.0
v13.5.1
v13.5.2
v13.5.3
v13.5.4
v13.5.5
v13.5.6
v13.5.7
v13.5.8
v13.5.9
v13.6.0
v13.6.1
v13.6.10
v13.6.2
v13.6.3
v13.6.4
v13.6.5
v13.6.6
v13.6.7
v13.6.8
v13.6.9
v13.7.0
v13.7.2
v13.7.3
v13.7.4
v13.7.5
v13.7.6
v13.7.7
v13.7.8
v13.7.9
v13.8.0
v13.8.1
v13.8.2
v13.8.3
v13.8.5
v13.8.6
v13.8.7
v13.8.8
v13.8.9
v13.9.0
v13.9.1
v13.9.4
v13.9.5
v13.9.7
v13.9.8
v13.9.9
v14.*
v14.0.0
v14.0.1
v14.0.2
v14.0.3
v14.0.4
v14.1.0
v14.1.1
v14.1.2
v14.1.3
v14.1.4
v14.1.5
v14.1.7
v14.1.8
v14.1.9
v14.2.2
v14.2.3
v14.2.4
v14.2.5
v14.2.6
v14.2.7
v14.2.8
v14.2.9
v14.3.0
v14.3.1
v14.3.2
v14.4.0
v14.4.2
v14.4.3
v14.4.4
v14.4.5
v14.4.6
v14.4.7
v14.4.8
v14.4.9
v14.5.0
v14.5.1
v14.5.2
v14.5.4
v14.5.5
v14.5.6
v14.5.7
v14.5.9
v14.6.0
v14.6.10
v14.6.13
v14.6.2
v14.6.5
v14.6.6
v14.6.8
v14.6.9
v14.7.0
v14.7.1
v14.7.10
v14.7.2
v14.7.3
v14.7.4
v14.7.5
v14.7.6
v14.7.7
v14.7.8
v14.7.9
v14.8.0
v14.8.2
v14.8.3
v14.8.4
v14.8.5
v14.8.6
v14.9.0
v14.9.1
v14.9.2
v14.9.3
v14.9.4
v14.9.5
v14.9.6
v14.9.7
v14.9.9
v15.*
v15.0.0
v15.0.1
v15.0.2
v15.0.3
v15.0.4
v15.0.5
v15.0.6
v15.1.0
v15.1.1
v15.1.2
v15.1.3
v15.1.4
v15.2.0
v15.2.1
v15.2.2
v15.2.5
v15.2.6
v15.2.7
v15.2.9
v15.3.0
v15.3.1
v15.3.2
v15.3.3
v15.3.4
v15.3.5
v15.3.6
v15.3.7
v15.3.8
v15.4.0
v15.4.1
v15.4.2
v15.4.3
v15.5.0
v15.5.1
v15.5.2
v15.5.4
v15.5.5
v15.5.7
v15.5.8
v15.5.9
v15.6.0
v15.6.1
v15.6.2
v15.6.3
v15.6.4
v15.6.5
v15.6.6
v15.6.8
v15.7.0
v15.7.1
v15.7.2
v15.7.3
v15.7.4
v15.8.0
v15.8.1
v15.8.3
v15.8.4
v15.8.5
v15.8.6
v15.8.7
v15.8.8
v15.8.9
v15.9.1
v15.9.3
v15.9.4
v15.9.5
v15.9.6
v16.*
v16.0.0
v16.0.2
v16.0.3
v16.1.0
v16.1.2
v16.1.3
v16.1.4
v16.2.1
v16.2.2
v16.2.3
v16.2.4
v16.2.6
v16.2.7
v16.3.0
v16.4.0
v16.4.11
v16.4.3
v16.4.5
v16.4.7
v16.4.8
v16.5.1
v16.5.2
v16.5.3
v16.5.4
v16.5.6
v16.6.0
v16.6.1
v16.6.2
v16.6.3
v16.6.4
v16.6.5
v16.6.6
v16.6.7
v16.6.8
v17.*
v17.0.0
v17.1.0
v17.1.1
v17.1.2
v17.1.3
v17.1.4
v17.1.5
v17.2.1
v17.2.2
v17.2.3
v17.2.4
v17.2.5
v17.3.0
v17.4.0
v17.4.1
v17.4.2
v17.4.3
v17.5.1
v18.*
v18.0.0
v18.0.1
v18.0.2
v18.0.3
v18.0.4
v18.0.5
v18.0.6
v18.0.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1784.json"
vanir_signatures_modified
"2026-04-12T09:22:13Z"
vanir_signatures
[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/jgraph/drawio/commit/7764b250b3fa58b249542f4ff9a1ddc1362cf88c",
        "digest": {
            "function_hash": "49538206169768885484481521116510799307",
            "length": 123.0
        },
        "id": "CVE-2022-1784-2970f477",
        "deprecated": false,
        "target": {
            "file": "src/main/java/com/mxgraph/online/ExportProxyServlet.java",
            "function": "doGet"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/jgraph/drawio/commit/7764b250b3fa58b249542f4ff9a1ddc1362cf88c",
        "digest": {
            "function_hash": "3470432030323827792816714816650716441",
            "length": 3016.0
        },
        "id": "CVE-2022-1784-7049f9d1",
        "deprecated": false,
        "target": {
            "file": "src/main/java/com/mxgraph/online/EmbedServlet2.java",
            "function": "createEmbedJavaScript"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/jgraph/drawio/commit/7764b250b3fa58b249542f4ff9a1ddc1362cf88c",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "180789272238244288546885001159271359949",
                "35576192044945825610945977641434497820",
                "286057194021406331277536662860577647221",
                "145144166743551789640126777234910768992",
                "127763540888710339522709995971009507454",
                "144087697034028465105565213427273967484",
                "286038511766407548094119659691304876209",
                "129500328128567571566174713036663817513",
                "162698813618815396437579258340202809780",
                "146291267804270856671916501344545440391",
                "102661168528056376882772607372740022320",
                "208826711001461125558892366335601625545",
                "54786466570422448016311892460334479206",
                "318595939416164664705339692112840221498",
                "271741185719755941364946033898624548244",
                "58309677891053095897723189305161979057",
                "287194681247123779929590522274904203194",
                "190927463681890302172105857806332304180",
                "159780486195996373252547770977710675992",
                "44508411518177931148226608077701599943",
                "176870581368344016742565590360054484472",
                "110834984155899692656040922022957841279",
                "186579475507125839232233720476338010460",
                "334397718876559959214862611267771088499",
                "232236997220001653037499704676116962415",
                "196566159410292047634061509657425327252",
                "204482836948174099854766568327856530407",
                "228102606815755805156897395921656578528",
                "94995035060860162361008570587378076588",
                "259721208675597745732795153025920448540",
                "238516084744943187119487515595432663645",
                "202952381627886200536577347517238034490",
                "129368209869612971086055276425946219226",
                "230037888378387187467115200048739037754",
                "6040878792464258416926057937804399669",
                "7231799929955217456584553179456876220",
                "3906867256528341624840439729056254871",
                "90722363254520543123263301807229938039",
                "76226048029242824433048297436895680488",
                "279501690996635782145587607285290504418",
                "327457116756788831173299487039111900215",
                "164688692059100785015039194434199670057",
                "332965126459094885204648927856353166357",
                "121113848624103954163861293995490988782",
                "256584730705082943921705964095167031707",
                "173656646453873081731516793416227958011",
                "16943000253174070185296231346429311068",
                "210333819771662114905929922521798371669",
                "82087793567371661822685999613813830125",
                "250345135886828214717995121070873313755",
                "193826165006346730585559538157299064484",
                "279678543001973130108289432920160428897",
                "166426737182648385677347908556237932627",
                "158811272773840270633614979510879969735",
                "203778720794641776145876534706527598700",
                "248413974318791041844509613846285596095",
                "252120898774353079211419466597201560472",
                "188703969363170306522781397241327433190",
                "291227460890305711550138595246611657874",
                "198045077996250436377393995630245671075",
                "66297509349135122153871298275541919900",
                "111661124633551421297185630779856032414",
                "323765386161091670261534948977227502003",
                "196406240586289300479422337029405334649",
                "323828328798069546993459057595687148658",
                "115878703066402673828258939684273350187",
                "115071155878487152912141294446074418553",
                "332958522749897577062306038630485633378",
                "127504776107964746004507466818105359910",
                "170218878819474744747104534078970723964",
                "337598614380689348659032556663164506680",
                "19920731631372957073566266019235807085",
                "236603204837148997758348534517395911317",
                "264174714697241987579306752054751460675",
                "274698907838376447611083920365901430534",
                "129328837029650232510635198241430507392",
                "16296664584125957667841435669447351929",
                "175178962214410847671789519937661763578",
                "149461555108201031447751555994766775690",
                "330911002109948927603074364395060704203",
                "227860339646915601551346296985972894781",
                "69651625364123870870833175423048988013",
                "143554575397187256015146813388839094984",
                "117297673001589629488762075376968453294",
                "127989983803354714406801666073925867823",
                "30678149260047684922933458445743701585",
                "227238461897077151596886549216689949866",
                "158830202716706154651874617594214996908",
                "229425674174397765507716058200994374144",
                "332397412076253457948538207641082953171",
                "156541816440903427579734756043913386458",
                "157321624749754242831662502277357657404",
                "254726490993926656970938310091473555137",
                "216447204900139475288577614335181638155",
                "181520163800648525970109299726197207854",
                "316586550690165261923997593964053900955",
                "891362101161686083317143823218144124",
                "114310913277922599223130107120555825721",
                "270762089547866589191212745369012767906",
                "262991063660225457553145497096656066602",
                "28838877459960843556065310517173572130",
                "301713173435540519932147209929618554344",
                "32455770526702646300553596552012434104",
                "13071425363648720382645790295563186061",
                "235277657237514622051043815640350801291",
                "101505522906191282901935590549903833294",
                "113996744890744225708490912485601192225",
                "184215555875474340990267261107832602732",
                "239949367949382826509812465381542053497",
                "268929327370548486082556554130045817776",
                "323708585643746563571220688121069169802",
                "264080462300817536752816275490712152474",
                "129660322191932285280370713765259388846",
                "185981907262258561586469956177423482316",
                "112454836419808723484603088438632862485",
                "212299809272721334622306312291583106860",
                "336441530868707728516507028002201602400",
                "252843623496135436618627970490248565538",
                "220643483812869713568587090576623608961",
                "198352896266400003370050275935100837296"
            ]
        },
        "id": "CVE-2022-1784-858082ce",
        "deprecated": false,
        "target": {
            "file": "src/main/java/com/mxgraph/online/ExportProxyServlet.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/jgraph/drawio/commit/7764b250b3fa58b249542f4ff9a1ddc1362cf88c",
        "digest": {
            "function_hash": "242663239086281051145779215156174345331",
            "length": 1844.0
        },
        "id": "CVE-2022-1784-db208c46",
        "deprecated": false,
        "target": {
            "file": "src/main/java/com/mxgraph/online/ExportProxyServlet.java",
            "function": "doRequest"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/jgraph/drawio/commit/7764b250b3fa58b249542f4ff9a1ddc1362cf88c",
        "digest": {
            "function_hash": "306506598867460969483449000757569771570",
            "length": 124.0
        },
        "id": "CVE-2022-1784-e8fc4ac5",
        "deprecated": false,
        "target": {
            "file": "src/main/java/com/mxgraph/online/ExportProxyServlet.java",
            "function": "doPost"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/jgraph/drawio/commit/7764b250b3fa58b249542f4ff9a1ddc1362cf88c",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "77660314934475400226812239381487105310",
                "233914783057599907772009556776386666840",
                "24117070879632851745740539360080522053",
                "80043874342951353709192771977052120855",
                "62688104822552041593747328114964531183",
                "18369351265220543409230636377725756706",
                "200322263589444649926294089560603405999",
                "247204129510381087036685007189790624922"
            ]
        },
        "id": "CVE-2022-1784-ec8ede72",
        "deprecated": false,
        "target": {
            "file": "src/main/java/com/mxgraph/online/EmbedServlet2.java"
        }
    }
]