WS-2022-0358
Good to know:
Date: October 14, 2022
In jgraph/drawio prior to 20.4.2, it is possible to partially interrupt the backend proxy by redirecting it to the same URL again. Redirecting the proxy to its own host may lead to a Denial of Service in the proxy. This vulnerability is capable of interrupting the proxy service for other users.
Language: Java
Severity Score
Weakness Type (CWE)
Uncontrolled Resource Consumption ('Resource Exhaustion')
CWE-400
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |