Search CVE reports
1 – 5 of 5 results
Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can...
1 affected package
plantuml
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| plantuml | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
1 affected package
plantuml
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| plantuml | Not affected | Not affected | Not affected | Not affected |
Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.
1 affected package
plantuml
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| plantuml | Ignored | Ignored | Not affected | Not affected |
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery...
1 affected package
plantuml
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| plantuml | Not affected | Not affected | Not affected | Not affected |
Some fixes available 6 of 9
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account...
1 affected package
plantuml
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| plantuml | Fixed | Fixed | Fixed | Fixed |