CVE-2023-3398
- Source
- https://cve.org/CVERecord?id=CVE-2023-3398
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3398.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-3398
- Published
- 2023-06-26T10:05:09.278Z
- Modified
- 2025-11-28T02:35:15.737707Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- Denial of Service in jgraph/drawio
- Details
-
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.
- Database specific
{ "cwe_ids": [ "CWE-400" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3398.json", "cna_assigner": "@huntrdev" }- References
Affected packages
Git / github.com/jgraph/drawio
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jgraph/drawio
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"target": {
"file": "src/main/java/com/mxgraph/online/ConverterServlet.java"
},
"id": "CVE-2023-3398-3b8dbf55",
"deprecated": false,
"digest": {
"line_hashes": [
"258797986127242731456643744753705338377",
"184716646145454778975560605483984672669",
"73254529662099616164656650401088304955",
"328022477488511299856389620937061963092",
"255925272683641047956360940975406615142",
"84366592129035872319645675313668168296",
"284909194137051085326611336736413553455",
"85920172588391281614225869730275670716",
"216103039360198829058639434012354029053",
"246081443821301033883003441604461087198",
"52819037629903398064345127374098225518"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/jgraph/drawio/commit/064729fec4262f9373d9fdcafda0be47cd18dd50",
"signature_version": "v1"
},
{
"target": {
"file": "src/main/java/com/mxgraph/online/Utils.java"
},
"id": "CVE-2023-3398-4e37e4b3",
"deprecated": false,
"digest": {
"line_hashes": [
"218396953989777755936603533308776901605",
"336702723707829300906655694946918927869",
"139545197590406844204443109837784129548",
"128489785929064543976248464054106372913",
"294878785545966630874873576982838848119",
"240532477147534567760006506707357890928",
"167480423690791033686710100048186890934",
"327406040547654869739987254307770954854",
"242389240923550157879867369668790268044",
"186749712443690704389303537590559336143",
"114630454506863961995314079926174582014",
"79840868630126723087734239216118972051"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/jgraph/drawio/commit/064729fec4262f9373d9fdcafda0be47cd18dd50",
"signature_version": "v1"
},
{
"target": {
"function": "doGet",
"file": "src/main/java/com/mxgraph/online/ProxyServlet.java"
},
"id": "CVE-2023-3398-5aebbf56",
"deprecated": false,
"digest": {
"length": 3121.0,
"function_hash": "183252932625986190375593367951158972454"
},
"signature_type": "Function",
"source": "https://github.com/jgraph/drawio/commit/064729fec4262f9373d9fdcafda0be47cd18dd50",
"signature_version": "v1"
},
{
"target": {
"function": "doPost",
"file": "src/main/java/com/mxgraph/online/ConverterServlet.java"
},
"id": "CVE-2023-3398-69488ece",
"deprecated": false,
"digest": {
"length": 3517.0,
"function_hash": "14729812004277460197495427244413203463"
},
"signature_type": "Function",
"source": "https://github.com/jgraph/drawio/commit/064729fec4262f9373d9fdcafda0be47cd18dd50",
"signature_version": "v1"
},
{
"target": {
"file": "src/main/java/com/mxgraph/online/ProxyServlet.java"
},
"id": "CVE-2023-3398-7936b040",
"deprecated": false,
"digest": {
"line_hashes": [
"302887226090584396080226426578337409072",
"42675363500303993035203848819035528434",
"208071934166435403625111427875780374952",
"3850839638440813709471338385017899730",
"81093262501706111669735390005543662323",
"40382596374279040029404048864796568261",
"258557140681806692795772726405424932311",
"12375743138244821019147929840003524749",
"83239576182756370896016744740011969614",
"216249603085560159777174408381784309405",
"106776514921572465595062606815380139751",
"208170199460855352033791890782158321063",
"93288830607323386132232430072611089983",
"150987742095401611630592445851940426976",
"83939494958761178732014129129957215701",
"99698394377646999488082188651713221601",
"47230272246828590701594435413883905977",
"221359439245079668054522934917085806445"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/jgraph/drawio/commit/064729fec4262f9373d9fdcafda0be47cd18dd50",
"signature_version": "v1"
},
{
"target": {
"file": "src/main/java/com/mxgraph/online/ExportProxyServlet.java"
},
"id": "CVE-2023-3398-84a97b6c",
"deprecated": false,
"digest": {
"line_hashes": [
"259570617445576390929645714861130266535",
"57433944045002364687518818502969697481",
"190927463681890302172105857806332304180",
"236603204837148997758348534517395911317",
"264174714697241987579306752054751460675",
"274698907838376447611083920365901430534",
"129328837029650232510635198241430507392"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/jgraph/drawio/commit/064729fec4262f9373d9fdcafda0be47cd18dd50",
"signature_version": "v1"
},
{
"target": {
"function": "copy",
"file": "src/main/java/com/mxgraph/online/Utils.java"
},
"id": "CVE-2023-3398-8e13769f",
"deprecated": false,
"digest": {
"length": 238.0,
"function_hash": "312166637048462804485523456823216146285"
},
"signature_type": "Function",
"source": "https://github.com/jgraph/drawio/commit/064729fec4262f9373d9fdcafda0be47cd18dd50",
"signature_version": "v1"
},
{
"target": {
"function": "createEmbedJavaScript",
"file": "src/main/java/com/mxgraph/online/EmbedServlet2.java"
},
"id": "CVE-2023-3398-ae60cc72",
"deprecated": false,
"digest": {
"length": 3174.0,
"function_hash": "204292236565755496336483811021520379698"
},
"signature_type": "Function",
"source": "https://github.com/jgraph/drawio/commit/064729fec4262f9373d9fdcafda0be47cd18dd50",
"signature_version": "v1"
},
{
"target": {
"file": "src/main/java/com/mxgraph/online/EmbedServlet2.java"
},
"id": "CVE-2023-3398-c50ec418",
"deprecated": false,
"digest": {
"line_hashes": [
"145488005478664554256992486899451181015",
"5677719975307041351999927972997802913",
"149295442145270053286992439063452730906",
"63573579218313940906633551967083275860",
"312578516197068695444253409665442419576",
"322632637880759482526332518063078923917",
"306036483280094371196172655928442548025",
"262666722395400678224613076408397491569",
"191445979205910587812915911636801747854",
"159101234049483209127845984179938663617",
"112696528042590369070498786583714281197"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/jgraph/drawio/commit/064729fec4262f9373d9fdcafda0be47cd18dd50",
"signature_version": "v1"
},
{
"target": {
"function": "copyResponse",
"file": "src/main/java/com/mxgraph/online/ProxyServlet.java"
},
"id": "CVE-2023-3398-e2e35f8b",
"deprecated": false,
"digest": {
"length": 583.0,
"function_hash": "252876285254836248538485940917376716451"
},
"signature_type": "Function",
"source": "https://github.com/jgraph/drawio/commit/064729fec4262f9373d9fdcafda0be47cd18dd50",
"signature_version": "v1"
},
{
"target": {
"function": "doRequest",
"file": "src/main/java/com/mxgraph/online/ExportProxyServlet.java"
},
"id": "CVE-2023-3398-e359e846",
"deprecated": false,
"digest": {
"length": 2057.0,
"function_hash": "51632015416191301935974705715263709048"
},
"signature_type": "Function",
"source": "https://github.com/jgraph/drawio/commit/064729fec4262f9373d9fdcafda0be47cd18dd50",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3398.json"