PlantUML 1.2017.19

CPE Details

PlantUML 1.2017.19
plantuml
plantuml
1.2017.19
2022-04-27
14h41 +00:00
2022-04-27
21h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:plantuml:plantuml:1.2017.19:*:*:*:*:*:*:*

Informations

Vendor

plantuml

Product

plantuml

Version

1.2017.19

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-3432 2023-06-27 14h30 +00:00 Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
10
Critical
CVE-2023-3431 2023-06-27 14h28 +00:00 Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.
5.3
Medium
CVE-2022-1379 2022-05-14 07h55 +00:00 URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.
9.1
Critical
CVE-2022-1231 2022-04-15 13h05 +00:00 XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).
6.1
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.