Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-1575
CVE-2022-1575:
NixOS vulnerability analysis and mitigation
Overview
A critical security vulnerability (CVE-2022-1575) was discovered in GitHub repository jgraph/drawio versions prior to 18.0.0. The vulnerability allows for arbitrary code execution through sanitizer bypass, which could lead to arbitrary (remote) code execution in the desktop app and stored XSS in the web app (CVE Mitre).
Technical details
The vulnerability stems from issues with the sanitizer implementation in drawio versions before 18.0.0. As part of the remediation, the project replaced its existing sanitizer with DOMpurify to address the security concerns (GitHub Commit).
Impact
The vulnerability has two main impact vectors: it enables arbitrary remote code execution capabilities in the desktop application and allows for stored Cross-Site Scripting (XSS) attacks in the web application (CVE Mitre).
Mitigation and workarounds
The vulnerability was addressed in drawio version 18.0.0 by replacing the existing sanitizer implementation with DOMpurify. Users are advised to upgrade to version 18.0.0 or later to protect against this vulnerability (GitHub Commit).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management