NuytsTech Security

CVE-2022-1575

by ·

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. – Arbitrary (remote) code execution in the desktop app. – Stored XSS in the web app.

Date published : 2022-05-05

https://huntr.dev/bounties/033d3423-eb05-4b53-a747-1bfcba873127

https://github.com/jgraph/drawio/commit/f768ed73875d5eca20110b9c1d72f2789cd1bab7

Tags: