What the vulnerability does
01Description
OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0.
CVSS base score
7.0/10
CVSS vector
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
September 9, 2022
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-20056 Cisco Access Point Software Denial of Service Vulnerability
CVE-2025-8697 agentUniverse MCPSessionManager/MCPTool/MCPToolkit StdioServerParameters os command injection
CVE-2026-41247 elFinder: Command injection in resize background color parameter when using ImageMagick CLI
CVE-2019-12717 Cisco NX-OS Software Virtualization Manager Command Injection Vulnerability
CVE-2026-8229 Wavlink NU516U1 wireless.cgi WifiBasic os command injection
