Enhancement: cves/2022/CVE-2022-1713.yaml by mp

2022-06-29 10:38:32 -04:00 · 2022-06-29 10:38:32 -04:00 · 0b4668d935
parent 41dd0472b0
commit 0b4668d935
1 changed files with 5 additions and 3 deletions
--- a/cves/2022/CVE-2022-1713.yaml
+++ b/cves/2022/CVE-2022-1713.yaml
@ -1,11 +1,11 @@
 id: CVE-2022-1713

 info:
-  name: Drawio - SSRF on /proxy endpoint
+  name: Drawio <18.0.4 - Server-Side Request Forgery
  author: pikpikcu
  severity: high
  description: |
-    SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
+    Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
  reference:
    - https://huntr.dev/bounties/cad3902f-3afb-4ed2-abd0-9f96a248de11
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1713
@ -31,9 +31,11 @@ requests:
      - type: word
        part: body
        words:
-          - "<title>Flowchart Maker &amp; Online Diagram Software</title>"
+          - "<title>Flowchart Maker & Online Diagram Software</title>"

      - type: word
        part: header
        words:
          - "application/octet-stream"
+
+# Enhanced by mp on 2022/06/29