Skip to content

Commit 4a4e773

Browse files
committed
1 parent cb8ed96 commit 4a4e773

1 file changed

Lines changed: 28 additions & 4 deletions

File tree

advisories/unreviewed/2026/05/GHSA-hr7c-pw36-w99g/GHSA-hr7c-pw36-w99g.json

Lines changed: 28 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,14 +6,38 @@
66
"aliases": [
77
"CVE-2026-7182"
88
],
9-
"details": "Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include\n local files from the server and display them in the generated pdf. \n\nThis issue was fixed in version 1.1.1.",
9+
"summary": "Path Traversal in DHTMLX Diagram Export Module via Unsanitized src Attribute",
10+
"details": "### Summary\nThe DHTMLX Diagram export module is vulnerable to Path Traversal via the `src` attribute during HTML processing. Due to a lack of proper HTML sanitization before generating document exports, an unauthenticated remote attacker can inject a crafted HTML payload containing arbitrary file paths. When the server processes the export request to generate a PDF or image file, the underlying rendering engine resolves the path traversal sequences and embeds the contents of local system files directly into the generated output document.\n\nThis vulnerability affects self-hosted or local deployments using the standalone DHTMLX Diagram export server module.\n\n### Remediation\nUpgrade the standalone DHTMLX Diagram export service backend to version **1.1.1** or later. If you are utilizing the official Docker distribution, pull the latest image and restart your container instance:\n\n```bash\ndocker pull dhtmlx/diagram-export:latest",
1011
"severity": [
1112
{
12-
"type": "CVSS_V4",
13-
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "@dhtmlx/diagram-export"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "= 1.1.1"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "< 1.1.1"
38+
}
1439
}
1540
],
16-
"affected": [],
1741
"references": [
1842
{
1943
"type": "ADVISORY",

0 commit comments

Comments
 (0)