CVE-2022-1713
HIGH NUCLEIdrawio < 18.0.4 - Server-Side Request Forgery via /proxy Endpoint
Title source: llmExploitation Summary
CVE-2022-1713 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
Nuclei Templates (1)
Drawio <18.0.4 - Server-Side Request Forgery
HIGHVERIFIEDby pikpikcu
Shodan:
http.title:"Flowchart Maker" || http.title:"flowchart maker"
FOFA:
title="flowchart maker"
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/cad3902f-3afb-4ed2-abd0-9f96a248de11
Patch, Third Party Advisory x_refsource_misc
https://github.com/jgraph/drawio/commit/283d41ec80ad410d68634245cf56114bc19331ee
Scores
CVSS v3
7.5
EPSS
0.0867
EPSS Percentile
94.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (1)
diagrams/drawio
< 18.0.4
Published
May 16, 2022
Tracked Since
Feb 18, 2026