What the vulnerability does
01Description
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0.
CVSS base score
9.6/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Key dates
02Disclosure timeline
July 27, 2023
CVE published
October 15, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-3454
CVE-2026-40519 Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()
CVE-2026-27130 Dokploy has Command Injection in its Service Operations
CVE-2024-23924 Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability
CVE-2026-0779 ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability
