Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): PlantUML
- Search Type: Search All
- Match: Exact
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-3500 |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims. Published: August 01, 2023; 9:15:09 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-3432 |
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9. Published: June 27, 2023; 11:15:11 AM -0400 |
V3.1: 10.0 CRITICAL V2.0:(not available) |
CVE-2023-3431 |
Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9. Published: June 27, 2023; 11:15:11 AM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2020-36523 |
A vulnerability was found in PlantUML 6.43. It has been declared as problematic. Affected by this vulnerability is the component Database Information Macro. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Published: June 07, 2022; 2:15:10 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-1379 |
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers. Published: May 14, 2022; 6:15:07 AM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-1231 |
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running). Published: April 15, 2022; 11:15:12 AM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14954 |
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection. Published: October 01, 2019; 10:15:34 AM -0400 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |