CVE-2022-3065
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-3065
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3065.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-3065
- Published
- 2022-09-02T18:15:12Z
- Modified
- 2025-12-04T10:22:36.057481Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- Improper Access Control in jgraph/drawio
- Details
-
Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.
- Database specific
{ "cwe_ids": [ "CWE-284" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3065.json", "cna_assigner": "@huntrdev" }- References
Affected packages
Git / github.com/jgraph/drawio
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jgraph/drawio
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"source": "https://github.com/jgraph/drawio/commit/59887e45b36f06c8dd4919a32bacd994d9f084da",
"target": {
"file": "src/main/java/com/mxgraph/online/Utils.java"
},
"signature_type": "Line",
"id": "CVE-2022-3065-06e4f91d",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"297983236862601165162787118241350983496",
"133035404098511831773598258515486418724",
"212846912982100851464022957389897577831",
"32011423035349666097510197413558946531",
"109112847926717724002180184610925242363",
"100973255290288092485116936733497852829",
"340038873403744728254404263329399700015",
"174938571958385037303856608928420524177",
"311389738974490431870229755008694800129",
"55347842852159006705121042050227110491",
"83978588605010645430415588439349008990",
"218372034107510732116404861408431682443",
"16494419807435874779104973885105030122",
"28690038051724391867905572630846110829",
"40476685730975843371065815345167508907",
"298858127178227798993449599869642660093",
"337206035943752135576863116377705752749",
"86040464160842229292572306902721907048",
"314407095552115460216069433762297564549",
"286990117545344243044723900401037855821",
"141142719025590306306861712860538540807"
]
}
},
{
"source": "https://github.com/jgraph/drawio/commit/59887e45b36f06c8dd4919a32bacd994d9f084da",
"target": {
"function": "main",
"file": "etc/build/Xml2Js.java"
},
"signature_type": "Function",
"id": "CVE-2022-3065-33b09ffa",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1719.0,
"function_hash": "96961156035401870364042402541247912108"
}
},
{
"source": "https://github.com/jgraph/drawio/commit/59887e45b36f06c8dd4919a32bacd994d9f084da",
"target": {
"function": "encodeToChar",
"file": "etc/build/Xml2Js.java"
},
"signature_type": "Function",
"id": "CVE-2022-3065-35936aed",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1111.0,
"function_hash": "8041084678674978518112558486823271164"
}
},
{
"source": "https://github.com/jgraph/drawio/commit/59887e45b36f06c8dd4919a32bacd994d9f084da",
"target": {
"function": "doGet",
"file": "src/main/java/com/mxgraph/online/ProxyServlet.java"
},
"signature_type": "Function",
"id": "CVE-2022-3065-58f8041d",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 3379.0,
"function_hash": "313266798093428268168576267760669496741"
}
},
{
"source": "https://github.com/jgraph/drawio/commit/59887e45b36f06c8dd4919a32bacd994d9f084da",
"target": {
"file": "src/main/java/com/mxgraph/online/ProxyServlet.java"
},
"signature_type": "Line",
"id": "CVE-2022-3065-8e4a47b0",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"6785300618005244835590464136920187191",
"225471474582133882768362654400264699066",
"543102805368430631406794047061206683",
"222753208587775605867005668593013685261",
"157302413686732045262754988371867421215",
"2409321213793600073268484550200101423",
"3748345803253937438363150908059431424",
"334095477408192524693396741044497736820",
"333074141710635353878506192750459148821",
"220923117417108136404831396530146730070",
"331777700304274504875345992146850816227",
"92369655465345351816362398917822910578",
"265189683334862732081892700231238945554",
"180925912375447681660140934576471811157",
"212020884842230654191485434782427439439",
"85301004613514657601829287190636999081",
"320952603635065900274109981844396957809",
"331895422944685206421642923240621563545",
"233391726559323997763420646506788023785",
"83851613445884570417618405524943993854",
"216942005804950694385631626916314475224",
"174208482129194807258718743164878794832",
"5800817682951581055551851812981817729",
"203827527768763910254532795752425599484",
"276626413321479180097228216966277627587",
"239315845419584444762237605349801951607",
"311257320123997839656570907469728989133",
"170604929371976252973301422446046783768",
"101388915085864148968652460542918466045",
"28020380684217053910171162195320734404",
"227755341161553335816271717946109703226",
"91886026009388238977033732407003471552",
"136664239850481066558056863348874677001"
]
}
},
{
"source": "https://github.com/jgraph/drawio/commit/59887e45b36f06c8dd4919a32bacd994d9f084da",
"target": {
"file": "etc/build/Xml2Js.java"
},
"signature_type": "Line",
"id": "CVE-2022-3065-abd08571",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"233577614699527743564682273421804057270",
"221191585921726678159445291503670485834",
"299603866859328349950744412835134267454",
"273409930919550499013518914655277389417",
"122093480619065885840978521812142053258",
"262604939318127126324245210226742791515",
"236149320160318680032094546286122451148",
"280448962555398978864303675593450648920",
"98396121281711410203296941214906655555",
"321806190087610122616234049102488856873",
"189091165997832564983778620583609300097",
"237386385920045882619988158451408857178",
"47941094952644171411889798337040029681",
"339283951833588204599223065479697045835",
"248269219522147313286561959993382843992",
"103966679695511622651573860557880848602",
"256809434073643629002423510677503740432",
"94037708131410420735416239993527799246",
"123668655185339834248107967079993858075",
"281398392442023563082981425248851428670",
"142609906106253567952313931900095078886",
"95295751230956113367010770846088973438",
"173830108560791312116902361945251504221",
"237514152212320358775719985449898560772",
"121157210281151847609433117383222873927",
"153963781256889667250556959393627393659",
"45861170089771701835298862530253235289",
"235957020993296968228632044740142644116",
"318711834747898961126936434948560613965",
"142198869142466117076191409932409282130",
"196616920651455204409280109635477049561",
"137736253312572466384264248803546532368",
"18740559563418698498478619718099439883",
"177280045930692335782057791343349900770",
"179922939558126653811930465427667734144",
"105388939113232575444328528482173382868",
"264589555106172830531656658305434349395",
"174456559205099181560883226315682767116",
"63557398941820050497709364754628594575",
"183382724266282038155095381810588423694",
"273805920861973310662999498116627870641",
"263431443634750266788546208064691998972",
"82552240235073817749531416522673072573",
"320212708465011619674082529115899305156",
"278886173721646755045037169398002909313",
"242840361321130068658275950424531870686",
"333737538173695269293870346721731949889",
"334148294203493625613572525015547245707",
"252560100670120748707043842508198053307",
"5056344363273608289097006222117105440",
"328929089709809609281664264923418236879",
"36042973620110671241003223896278137984",
"65105102227156922836621161824576920636",
"318938905857733503356770383446234304295",
"280865377667360368664291392442566914292",
"321166796859239684721166982259003388433",
"14886297428902376420118698787299788505",
"231528823673802003450724962903432837571",
"95023694615599038565222238739543872041",
"251543409376299449510658140338911171547",
"223074958479687279755332080807399873529",
"140041284791679889559147102995910035078",
"249910471601094001864904573284108904439",
"90218585991818013391230549386593302824",
"317788341191277961308047512883952986471",
"284901134845394111769449375959535839346"
]
}
},
{
"source": "https://github.com/jgraph/drawio/commit/59887e45b36f06c8dd4919a32bacd994d9f084da",
"target": {
"function": "sanitizeUrl",
"file": "src/main/java/com/mxgraph/online/Utils.java"
},
"signature_type": "Function",
"id": "CVE-2022-3065-d27fd853",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1546.0,
"function_hash": "266565511375680158299356772915967862353"
}
},
{
"source": "https://github.com/jgraph/drawio/commit/59887e45b36f06c8dd4919a32bacd994d9f084da",
"target": {
"function": "processFile",
"file": "etc/build/Xml2Js.java"
},
"signature_type": "Function",
"id": "CVE-2022-3065-d8b01d3c",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 614.0,
"function_hash": "278864591542633513335048423535207941747"
}
},
{
"source": "https://github.com/jgraph/drawio/commit/59887e45b36f06c8dd4919a32bacd994d9f084da",
"target": {
"function": "encodeToString",
"file": "etc/build/Xml2Js.java"
},
"signature_type": "Function",
"id": "CVE-2022-3065-e5e79b8a",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 98.0,
"function_hash": "138275637415824010497911215082306960773"
}
}
]