OS Command Injection in jgraph/drawio
CVE-2022-3133

7HIGH

Key Information:

Vendor: Jgraph
Status: Jgraph/drawio
Vendor: CVE Published:; 9 September 2022

🔔 Create Jgraph Vulnerability Alert

What is CVE-2022-3133?

OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0.

Affected Version(s)

jgraph/drawio < 20.3.0

References

https://huntr.dev/bounties/2d93052f-efc6-4647-9a6d-8b08dc...

x_refsource_CONFIRM

https://github.com/jgraph/drawio/commit/8f3f95a05b701175b...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2022
Vulnerability Reserved
Sep 5, 2022

CVE-2022-3133 Data

JSON