CVE-2022-1713: 
NixOS vulnerability analysis and mitigation

CVE-2022-1713 is a Server-Side Request Forgery (SSRF) vulnerability discovered in the GitHub repository jgraph/drawio versions prior to 18.0.4. The vulnerability was identified in the /proxy endpoint, where an attacker could make requests as the server and read their contents, potentially leading to sensitive information disclosure (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability can be exploited over the network with low attack complexity, requires no privileges or user interaction, and primarily impacts confidentiality. The vulnerability is classified as CWE-918 (Server-Side Request Forgery) (NVD).

The vulnerability allows attackers to make server-side requests and read their contents, which could result in the exposure of sensitive information. The high confidentiality impact rating suggests that the attacker can gain access to significant amounts of sensitive data through successful exploitation (NVD).

The vulnerability has been patched in version 18.0.4 of the drawio application. Users are advised to upgrade to this version or later to mitigate the risk. The fix includes improvements to the URL parameter checking in the ProxyServlet.java file (GitHub Patch).