Home > Vulnerability Database > CVE-2022-3133

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2022-3133

Date: September 9, 2022

OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0.

Language: JS

Severity Score

7.8

Related Resources (4)

Url: https://github.com/jgraph/drawio/commit/8f3f95a05b701175b639ba9572dc4e0fb7c46b02

Url: https://huntr.dev/bounties/2d93052f-efc6-4647-9a6d-8b08dc251223

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-3133

Url: https://www.mend.io/vulnerability-database/CVE-2022-3133

Severity Score

7.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Do you need more information?

Contact Us