CVE-2023-3398: 
NixOS vulnerability analysis and mitigation

A Denial of Service vulnerability was identified in GitHub repository jgraph/drawio versions prior to 18.1.3. The vulnerability was assigned CVE-2023-3398 and was disclosed on June 26, 2023. The vulnerability affects the diagrams.drawio software package (NVD, CVE).

The vulnerability has been assessed with a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. A secondary assessment by huntr.dev rated it as MEDIUM with a score of 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption) (NVD).

The vulnerability affects the availability of the system, with no direct impact on confidentiality or integrity. The HIGH CVSS score indicates that successful exploitation could result in a significant denial of service condition (NVD).

The vulnerability has been patched in version 18.1.3 of drawio. Users should upgrade to this version or later to mitigate the vulnerability. The fix was implemented through a commit that added size checks for fetched connection data (GitHub Commit).