CVE-2022-1784

Source
https://cve.org/CVERecord?id=CVE-2022-1784
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1784.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-1784
Published
2022-05-20T12:15:11Z
Modified
2026-02-21T02:57:41.230156Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Server-Side Request Forgery (SSRF) in jgraph/drawio
Details

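Server-Side Request Forgery (SSRF, CWE-918) in GitHub repository jgraph/drawio prior to 18.0.8.

Per the CVSS vector above, the issue is rated as reachable over the network with low complexity, no privileges and no user interaction, with impact on confidentiality only. The signatures listed in this record reference commit 7764b250b3fa58b249542f4ff9a1ddc1362cf88c and cover src/main/java/com/mxgraph/online/ExportProxyServlet.java (doGet, doPost, doRequest) and src/main/java/com/mxgraph/online/EmbedServlet2.java (createEmbedJavaScript). The "Fixed" event below shows no commit, so treat that commit as the likely fixing change only after confirming it upstream. Deployments that run these server-side servlets should be on 18.0.8 or later.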

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1784.json",
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-918"
    ]
}
References

Affected packages

Git / github.com/jgraph/drawio

Affected ranges

Type
GIT
Repo
https://github.com/jgraph/drawio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

vanir_signatures
[
    {
        "source": "https://github.com/jgraph/drawio/commit/7764b250b3fa58b249542f4ff9a1ddc1362cf88c",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "src/main/java/com/mxgraph/online/ExportProxyServlet.java",
            "function": "doGet"
        },
        "digest": {
            "length": 123.0,
            "function_hash": "49538206169768885484481521116510799307"
        },
        "signature_version": "v1",
        "id": "CVE-2022-1784-2970f477"
    },
    {
        "source": "https://github.com/jgraph/drawio/commit/7764b250b3fa58b249542f4ff9a1ddc1362cf88c",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "src/main/java/com/mxgraph/online/EmbedServlet2.java",
            "function": "createEmbedJavaScript"
        },
        "digest": {
            "length": 3016.0,
            "function_hash": "3470432030323827792816714816650716441"
        },
        "signature_version": "v1",
        "id": "CVE-2022-1784-7049f9d1"
    },
    {
        "source": "https://github.com/jgraph/drawio/commit/7764b250b3fa58b249542f4ff9a1ddc1362cf88c",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/mxgraph/online/ExportProxyServlet.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "180789272238244288546885001159271359949",
                "35576192044945825610945977641434497820",
                "286057194021406331277536662860577647221",
                "145144166743551789640126777234910768992",
                "127763540888710339522709995971009507454",
                "144087697034028465105565213427273967484",
                "286038511766407548094119659691304876209",
                "129500328128567571566174713036663817513",
                "162698813618815396437579258340202809780",
                "146291267804270856671916501344545440391",
                "102661168528056376882772607372740022320",
                "208826711001461125558892366335601625545",
                "54786466570422448016311892460334479206",
                "318595939416164664705339692112840221498",
                "271741185719755941364946033898624548244",
                "58309677891053095897723189305161979057",
                "287194681247123779929590522274904203194",
                "190927463681890302172105857806332304180",
                "159780486195996373252547770977710675992",
                "44508411518177931148226608077701599943",
                "176870581368344016742565590360054484472",
                "110834984155899692656040922022957841279",
                "186579475507125839232233720476338010460",
                "334397718876559959214862611267771088499",
                "232236997220001653037499704676116962415",
                "196566159410292047634061509657425327252",
                "204482836948174099854766568327856530407",
                "228102606815755805156897395921656578528",
                "94995035060860162361008570587378076588",
                "259721208675597745732795153025920448540",
                "238516084744943187119487515595432663645",
                "202952381627886200536577347517238034490",
                "129368209869612971086055276425946219226",
                "230037888378387187467115200048739037754",
                "6040878792464258416926057937804399669",
                "7231799929955217456584553179456876220",
                "3906867256528341624840439729056254871",
                "90722363254520543123263301807229938039",
                "76226048029242824433048297436895680488",
                "279501690996635782145587607285290504418",
                "327457116756788831173299487039111900215",
                "164688692059100785015039194434199670057",
                "332965126459094885204648927856353166357",
                "121113848624103954163861293995490988782",
                "256584730705082943921705964095167031707",
                "173656646453873081731516793416227958011",
                "16943000253174070185296231346429311068",
                "210333819771662114905929922521798371669",
                "82087793567371661822685999613813830125",
                "250345135886828214717995121070873313755",
                "193826165006346730585559538157299064484",
                "279678543001973130108289432920160428897",
                "166426737182648385677347908556237932627",
                "158811272773840270633614979510879969735",
                "203778720794641776145876534706527598700",
                "248413974318791041844509613846285596095",
                "252120898774353079211419466597201560472",
                "188703969363170306522781397241327433190",
                "291227460890305711550138595246611657874",
                "198045077996250436377393995630245671075",
                "66297509349135122153871298275541919900",
                "111661124633551421297185630779856032414",
                "323765386161091670261534948977227502003",
                "196406240586289300479422337029405334649",
                "323828328798069546993459057595687148658",
                "115878703066402673828258939684273350187",
                "115071155878487152912141294446074418553",
                "332958522749897577062306038630485633378",
                "127504776107964746004507466818105359910",
                "170218878819474744747104534078970723964",
                "337598614380689348659032556663164506680",
                "19920731631372957073566266019235807085",
                "236603204837148997758348534517395911317",
                "264174714697241987579306752054751460675",
                "274698907838376447611083920365901430534",
                "129328837029650232510635198241430507392",
                "16296664584125957667841435669447351929",
                "175178962214410847671789519937661763578",
                "149461555108201031447751555994766775690",
                "330911002109948927603074364395060704203",
                "227860339646915601551346296985972894781",
                "69651625364123870870833175423048988013",
                "143554575397187256015146813388839094984",
                "117297673001589629488762075376968453294",
                "127989983803354714406801666073925867823",
                "30678149260047684922933458445743701585",
                "227238461897077151596886549216689949866",
                "158830202716706154651874617594214996908",
                "229425674174397765507716058200994374144",
                "332397412076253457948538207641082953171",
                "156541816440903427579734756043913386458",
                "157321624749754242831662502277357657404",
                "254726490993926656970938310091473555137",
                "216447204900139475288577614335181638155",
                "181520163800648525970109299726197207854",
                "316586550690165261923997593964053900955",
                "891362101161686083317143823218144124",
                "114310913277922599223130107120555825721",
                "270762089547866589191212745369012767906",
                "262991063660225457553145497096656066602",
                "28838877459960843556065310517173572130",
                "301713173435540519932147209929618554344",
                "32455770526702646300553596552012434104",
                "13071425363648720382645790295563186061",
                "235277657237514622051043815640350801291",
                "101505522906191282901935590549903833294",
                "113996744890744225708490912485601192225",
                "184215555875474340990267261107832602732",
                "239949367949382826509812465381542053497",
                "268929327370548486082556554130045817776",
                "323708585643746563571220688121069169802",
                "264080462300817536752816275490712152474",
                "129660322191932285280370713765259388846",
                "185981907262258561586469956177423482316",
                "112454836419808723484603088438632862485",
                "212299809272721334622306312291583106860",
                "336441530868707728516507028002201602400",
                "252843623496135436618627970490248565538",
                "220643483812869713568587090576623608961",
                "198352896266400003370050275935100837296"
            ]
        },
        "signature_version": "v1",
        "id": "CVE-2022-1784-858082ce"
    },
    {
        "source": "https://github.com/jgraph/drawio/commit/7764b250b3fa58b249542f4ff9a1ddc1362cf88c",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "src/main/java/com/mxgraph/online/ExportProxyServlet.java",
            "function": "doRequest"
        },
        "digest": {
            "length": 1844.0,
            "function_hash": "242663239086281051145779215156174345331"
        },
        "signature_version": "v1",
        "id": "CVE-2022-1784-db208c46"
    },
    {
        "source": "https://github.com/jgraph/drawio/commit/7764b250b3fa58b249542f4ff9a1ddc1362cf88c",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "src/main/java/com/mxgraph/online/ExportProxyServlet.java",
            "function": "doPost"
        },
        "digest": {
            "length": 124.0,
            "function_hash": "306506598867460969483449000757569771570"
        },
        "signature_version": "v1",
        "id": "CVE-2022-1784-e8fc4ac5"
    },
    {
        "source": "https://github.com/jgraph/drawio/commit/7764b250b3fa58b249542f4ff9a1ddc1362cf88c",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/mxgraph/online/EmbedServlet2.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "77660314934475400226812239381487105310",
                "233914783057599907772009556776386666840",
                "24117070879632851745740539360080522053",
                "80043874342951353709192771977052120855",
                "62688104822552041593747328114964531183",
                "18369351265220543409230636377725756706",
                "200322263589444649926294089560603405999",
                "247204129510381087036685007189790624922"
            ]
        },
        "signature_version": "v1",
        "id": "CVE-2022-1784-ec8ede72"
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1784.json"