daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2022/CVE-2022-1713.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-06-29 10:38:32 -04:00
parent 41dd0472b0
commit 0b4668d935
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cves/2022/CVE-2022-1713.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-1713 id: CVE-2022-1713
info: info:
name: Drawio - SSRF on /proxy endpoint name: Drawio <18.0.4 - Server-Side Request Forgery
author: pikpikcu author: pikpikcu
severity: high severity: high
description: | description: |
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
reference: reference:
- https://huntr.dev/bounties/cad3902f-3afb-4ed2-abd0-9f96a248de11 - https://huntr.dev/bounties/cad3902f-3afb-4ed2-abd0-9f96a248de11
- https://nvd.nist.gov/vuln/detail/CVE-2022-1713 - https://nvd.nist.gov/vuln/detail/CVE-2022-1713
@ -31,9 +31,11 @@ requests:
- type: word - type: word
part: body part: body
words: words:
- "<title>Flowchart Maker &amp; Online Diagram Software</title>" - "<title>Flowchart Maker & Online Diagram Software</title>"
- type: word - type: word
part: header part: header
words: words:
- "application/octet-stream" - "application/octet-stream"
# Enhanced by mp on 2022/06/29