+ "details": "### Summary\nThe DHTMLX Diagram export module is vulnerable to Path Traversal via the `src` attribute during HTML processing. Due to a lack of proper HTML sanitization before generating document exports, an unauthenticated remote attacker can inject a crafted HTML payload containing arbitrary file paths. When the server processes the export request to generate a PDF or image file, the underlying rendering engine resolves the path traversal sequences and embeds the contents of local system files directly into the generated output document.\n\nThis vulnerability affects self-hosted or local deployments using the standalone DHTMLX Diagram export server module.\n\n### Remediation\nUpgrade the standalone DHTMLX Diagram export service backend to version **1.1.1** or later. If you are utilizing the official Docker distribution, pull the latest image and restart your container instance:\n\n```bash\ndocker pull dhtmlx/diagram-export:latest",
0 commit comments