Home > Vulnerability Database > WS-2022-0358

Mend.io Vulnerability Database

WS-2022-0358

Good to know:

Date: October 14, 2022

In jgraph/drawio prior to 20.4.2, it is possible to partially interrupt the proxy in the backend by redirecting to the same URL again. This may lead to Denial of Service in proxy by redirecting to own host. This vulnerability is capable of interrupting the proxy service for other users.

Language: Java

Severity Score

6.5

Related Resources (2)

Url: https://github.com/jgraph/drawio/commit/60171270c79bf4be5dac03ec35c97586c97ea5e6

Url: https://www.mend.io/vulnerability-database/WS-2022-0358

Severity Score

6.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version tikiwiki/diagram - v10.6.8

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2022-0358

Good to know:

Date: October 14, 2022

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?