8.8
CVE-2022-1727
- EPSS 1.36%
- Veröffentlicht 18.05.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:41:20
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
LoginImproper Input Validation in jgraph/drawio
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.36% | 0.681 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| security@huntr.dev | 8.3 | 2.8 | 5.5 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://github.com/jgraph/drawio/commit/4deecee18191f67e242422abf3ca304e19e49687
https://huntr.dev/bounties/b242e806-fc8c-41c0-aad7-e0c9c37ecdee