Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-1767: 18.0.7 release · jgraph/drawio@c63f3a0

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.

CVE
#web#ios#android#mac#apple#google#microsoft#git#ssrf#auth#chrome#webkit#firefox

@@ -468,7 +468,7 @@ a),DRAWIO_GITLAB_URL=a);a=urlParams[“gitlab-id”];null!=a&&(DRAWIO_GITLAB_ID=a);w if(“1"==urlParams.offline||"1"==urlParams.demo||"1"==urlParams.stealth||"1"==urlParams.local||"1"==urlParams.lockdown)urlParams.picker="0",urlParams.gapi="0",urlParams.db="0",urlParams.od="0",urlParams.gh="0",urlParams.gl="0",urlParams.tr="0"; “se.diagrams.net"==window.location.hostname&&(urlParams.db="0",urlParams.od="0",urlParams.gh="0",urlParams.gl="0",urlParams.tr="0",urlParams.plugins="0",urlParams.mode="google",urlParams.lockdown="1",window.DRAWIO_GOOGLE_APP_ID=window.DRAWIO_GOOGLE_APP_ID||"184079235871",window.DRAWIO_GOOGLE_CLIENT_ID=window.DRAWIO_GOOGLE_CLIENT_ID||"184079235871-pjf5nn0lff27lk8qf0770gmffiv9gt61.apps.googleusercontent.com”);"trello"==urlParams.mode&&(urlParams.tr="1”); “embed.diagrams.net"==window.location.hostname&&(urlParams.embed="1”);(null==window.location.hash||1>=window.location.hash.length)&&null!=urlParams.open&&(window.location.hash=urlParams.open);window.urlParams=window.urlParams||{};window.MAX_REQUEST_SIZE=window.MAX_REQUEST_SIZE||10485760;window.MAX_AREA=window.MAX_AREA||225E6;window.EXPORT_URL=window.EXPORT_URL||"/export";window.SAVE_URL=window.SAVE_URL||"/save";window.OPEN_URL=window.OPEN_URL||"/open";window.RESOURCES_PATH=window.RESOURCES_PATH||"resources";window.RESOURCE_BASE=window.RESOURCE_BASE||window.RESOURCES_PATH+"/grapheditor";window.STENCIL_PATH=window.STENCIL_PATH||"stencils";window.IMAGE_PATH=window.IMAGE_PATH||"images"; window.STYLE_PATH=window.STYLE_PATH||"styles";window.CSS_PATH=window.CSS_PATH||"styles";window.OPEN_FORM=window.OPEN_FORM||"open.html";window.mxBasePath=window.mxBasePath||"mxgraph";window.mxImageBasePath=window.mxImageBasePath||"mxgraph/images";window.mxLanguage=window.mxLanguage||urlParams.lang;window.mxLanguages=window.mxLanguages||[“de","se”];var mxClient={VERSION:"18.0.6",IS_IE:null!=navigator.userAgent&&0<=navigator.userAgent.indexOf(“MSIE”),IS_IE11:null!=navigator.userAgent&&!!navigator.userAgent.match(/Trident\/7\./),IS_EDGE:null!=navigator.userAgent&&!!navigator.userAgent.match(/Edge\//),IS_EM:"spellcheck"in document.createElement(“textarea”)&&8==document.documentMode,VML_PREFIX:"v",OFFICE_PREFIX:"o",IS_NS:null!=navigator.userAgent&&0<=navigator.userAgent.indexOf(“Mozilla/”)&&0>navigator.userAgent.indexOf(“MSIE”)&&0>navigator.userAgent.indexOf(“Edge/”), window.STYLE_PATH=window.STYLE_PATH||"styles";window.CSS_PATH=window.CSS_PATH||"styles";window.OPEN_FORM=window.OPEN_FORM||"open.html";window.mxBasePath=window.mxBasePath||"mxgraph";window.mxImageBasePath=window.mxImageBasePath||"mxgraph/images";window.mxLanguage=window.mxLanguage||urlParams.lang;window.mxLanguages=window.mxLanguages||[“de","se”];var mxClient={VERSION:"18.0.7",IS_IE:null!=navigator.userAgent&&0<=navigator.userAgent.indexOf(“MSIE”),IS_IE11:null!=navigator.userAgent&&!!navigator.userAgent.match(/Trident\/7\./),IS_EDGE:null!=navigator.userAgent&&!!navigator.userAgent.match(/Edge\//),IS_EM:"spellcheck"in document.createElement(“textarea”)&&8==document.documentMode,VML_PREFIX:"v",OFFICE_PREFIX:"o",IS_NS:null!=navigator.userAgent&&0<=navigator.userAgent.indexOf(“Mozilla/”)&&0>navigator.userAgent.indexOf(“MSIE”)&&0>navigator.userAgent.indexOf(“Edge/”), IS_OP:null!=navigator.userAgent&&(0<=navigator.userAgent.indexOf(“Opera/”)||0<=navigator.userAgent.indexOf(“OPR/”)),IS_OT:null!=navigator.userAgent&&0<=navigator.userAgent.indexOf(“Presto/”)&&0>navigator.userAgent.indexOf(“Presto/2.4.”)&&0>navigator.userAgent.indexOf(“Presto/2.3.”)&&0>navigator.userAgent.indexOf(“Presto/2.2.”)&&0>navigator.userAgent.indexOf(“Presto/2.1.”)&&0>navigator.userAgent.indexOf(“Presto/2.0.”)&&0>navigator.userAgent.indexOf(“Presto/1.”),IS_SF:/Apple Computer, Inc/.test(navigator.vendor), IS_ANDROID:0<=navigator.appVersion.indexOf(“Android”),IS_IOS:/iP(hone|od|ad)/.test(navigator.platform)||navigator.userAgent.match(/Mac/)&&navigator.maxTouchPoints&&2<navigator.maxTouchPoints,IS_WEBVIEW:/((iPhone|iPod|iPad).*AppleWebKit(?!.*Version)|; wv)/i.test(navigator.userAgent),IS_GC:/Google Inc/.test(navigator.vendor),IS_CHROMEAPP:null!=window.chrome&&null!=chrome.app&&null!=chrome.app.runtime,IS_FF:"undefined"!==typeof InstallTrigger,IS_MT:0<=navigator.userAgent.indexOf(“Firefox/”)&&0>navigator.userAgent.indexOf(“Firefox/1.”)&& 0>navigator.userAgent.indexOf(“Firefox/2.”)||0<=navigator.userAgent.indexOf(“Iceweasel/”)&&0>navigator.userAgent.indexOf(“Iceweasel/1.”)&&0>navigator.userAgent.indexOf(“Iceweasel/2.”)||0<=navigator.userAgent.indexOf(“SeaMonkey/”)&&0>navigator.userAgent.indexOf(“SeaMonkey/1.”)||0<=navigator.userAgent.indexOf(“Iceape/”)&&0>navigator.userAgent.indexOf(“Iceape/1.”),IS_SVG:"MICROSOFT INTERNET EXPLORER"!=navigator.appName.toUpperCase(),NO_FO:!document.createElementNS||"[object SVGForeignObjectElement]“!== @@ -11694,7 +11694,7 @@ D.appendChild®;Q.appendChild(D);this.container=Q};var W=ChangePageSetup.protot this.format);null!=this.mathEnabled&&(this.page.viewState.mathEnabled=this.mathEnabled);null!=this.shadowVisible&&(this.page.viewState.shadowVisible=this.shadowVisible)}}else W.apply(this,arguments),null!=this.mathEnabled&&this.mathEnabled!=this.ui.isMathEnabled()&&(this.ui.setMathEnabled(this.mathEnabled),this.mathEnabled=!this.mathEnabled),null!=this.shadowVisible&&this.shadowVisible!=this.ui.editor.graph.shadowVisible&&(this.ui.editor.graph.setShadowVisible(this.shadowVisible),this.shadowVisible= !this.shadowVisible)};Editor.prototype.useCanvasForExport=!1;try{var U=document.createElement(“canvas”),X=new Image;X.onload=function(){try{U.getContext(“2d”).drawImage(X,0,0);var u=U.toDataURL(“image/png”);Editor.prototype.useCanvasForExport=null!=u&&6<u.length}catch(D){}};X.src="data:image/svg+xml;base64,"+btoa(unescape(encodeURIComponent('<svg xmlns="http://www.w3.org/2000/svg” xmlns:xlink="http://www.w3.org/1999/xlink" width="1px" height="1px" version="1.1"><foreignObject pointer-events="all" width="1" height="1"><div xmlns="http://www.w3.org/1999/xhtml"></div></foreignObject></svg>’)))}catch(u){}})(); (function(){var b=new mxObjectCodec(new ChangePageSetup,[“ui","previousColor","previousImage","previousFormat”]);b.beforeDecode=function(e,f,c){c.ui=e.ui;return f};b.afterDecode=function(e,f,c){c.previousColor=c.color;c.previousImage=c.image;c.previousFormat=c.format;null!=c.foldingEnabled&&(c.foldingEnabled=!c.foldingEnabled);null!=c.mathEnabled&&(c.mathEnabled=!c.mathEnabled);null!=c.shadowVisible&&(c.shadowVisible=!c.shadowVisible);return c};mxCodecRegistry.register(b)})(); (function(){var b=new mxObjectCodec(new ChangeGridColor,[“ui”]);b.beforeDecode=function(e,f,c){c.ui=e.ui;return f};mxCodecRegistry.register(b)})();(function(){EditorUi.VERSION="18.0.6";EditorUi.compactUi="atlas"!=uiTheme;Editor.isDarkMode()&&(mxGraphView.prototype.gridColor=mxGraphView.prototype.defaultDarkGridColor);EditorUi.enableLogging="1"!=urlParams.stealth&&"1"!=urlParams.lockdown&&(/.*\.draw\.io$/.test(window.location.hostname)||/.*\.diagrams\.net$/.test(window.location.hostname))&&"support.draw.io"!=window.location.hostname;EditorUi.drawHost=window.DRAWIO_BASE_URL;EditorUi.lightboxHost=window.DRAWIO_LIGHTBOX_URL;EditorUi.lastErrorMessage= (function(){var b=new mxObjectCodec(new ChangeGridColor,[“ui”]);b.beforeDecode=function(e,f,c){c.ui=e.ui;return f};mxCodecRegistry.register(b)})();(function(){EditorUi.VERSION="18.0.7";EditorUi.compactUi="atlas"!=uiTheme;Editor.isDarkMode()&&(mxGraphView.prototype.gridColor=mxGraphView.prototype.defaultDarkGridColor);EditorUi.enableLogging="1"!=urlParams.stealth&&"1"!=urlParams.lockdown&&(/.*\.draw\.io$/.test(window.location.hostname)||/.*\.diagrams\.net$/.test(window.location.hostname))&&"support.draw.io"!=window.location.hostname;EditorUi.drawHost=window.DRAWIO_BASE_URL;EditorUi.lightboxHost=window.DRAWIO_LIGHTBOX_URL;EditorUi.lastErrorMessage= null;EditorUi.ignoredAnonymizedChars="\n\t`~!@#$%^&*()_+{}|:\"<>?-=[];’./,\n\t";EditorUi.templateFile=TEMPLATE_PATH+"/index.xml";EditorUi.cacheUrl=window.REALTIME_URL;null==EditorUi.cacheUrl&&"undefined"!==typeof DrawioFile&&(DrawioFile.SYNC="none");Editor.cacheTimeout=1E4;EditorUi.enablePlantUml=EditorUi.enableLogging;EditorUi.isElectronApp=null!=window&&null!=window.process&&null!=window.process.versions&&null!=window.process.versions.electron;EditorUi.nativeFileSupport=!mxClient.IS_OP&&!EditorUi.isElectronApp&& "1"!=urlParams.extAuth&&"showSaveFilePicker"in window&&"showOpenFilePicker"in window;EditorUi.enableDrafts=!mxClient.IS_CHROMEAPP&&isLocalStorage&&"0"!=urlParams.drafts;EditorUi.scratchpadHelpLink="https://www.diagrams.net/doc/faq/scratchpad";EditorUi.enableHtmlEditOption=!0;EditorUi.defaultMermaidConfig={theme:"neutral",arrowMarkerAbsolute:!1,flowchart:{htmlLabels:!1},sequence:{diagramMarginX:50,diagramMarginY:10,actorMargin:50,width:150,height:65,boxMargin:10,boxTextMargin:5,noteMargin:10,messageMargin:35, mirrorActors:!0,bottomMarginAdj:1,useMaxWidth:!0,rightAngles:!1,showSequenceNumbers:!1},gantt:{titleTopMargin:25,barHeight:20,barGap:4,topPadding:50,leftPadding:75,gridLineStartPadding:35,fontSize:11,fontFamily:’"Open-Sans", "sans-serif"’,numberSectionStyles:4,axisFormat:"%Y-%m-%d"}};EditorUi.logError=function(d,g,k,l,p,q,x){q=null!=q?q:0<=d.indexOf(“NetworkError”)||0<=d.indexOf(“SecurityError”)||0<=d.indexOf(“NS_ERROR_FAILURE”)||0<=d.indexOf(“out of memory”)?"CONFIG":"SEVERE";if(EditorUi.enableLogging&&

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907