@@ -6,14 +6,38 @@
"aliases": [
"CVE-2026-7182"
],
"details": "Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include\n local files from the server and display them in the generated pdf. \n\nThis issue was fixed in version 1.1.1.",
"summary": "Path Traversal in DHTMLX Diagram Export Module via Unsanitized src Attribute",
"details": "### Summary\nThe DHTMLX Diagram export module is vulnerable to Path Traversal via the `src` attribute during HTML processing. Due to a lack of proper HTML sanitization before generating document exports, an unauthenticated remote attacker can inject a crafted HTML payload containing arbitrary file paths. When the server processes the export request to generate a PDF or image file, the underlying rendering engine resolves the path traversal sequences and embeds the contents of local system files directly into the generated output document.\n\nThis vulnerability affects self-hosted or local deployments using the standalone DHTMLX Diagram export server module.\n\n### Remediation\nUpgrade the standalone DHTMLX Diagram export service backend to version **1.1.1** or later. If you are utilizing the official Docker distribution, pull the latest image and restart your container instance:\n\n```bash\ndocker pull dhtmlx/diagram-export:latest",
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@dhtmlx/diagram-export"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "= 1.1.1"
}
]
}
],
"database_specific": {
"last_known_affected_version_range": "< 1.1.1"
}
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
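Review bot: the `fixed` event in the new `affected` range is written as `"fixed": "= 1.1.1"`, but an OSV `fixed` event takes a bare version string, so this should read `"fixed": "1.1.1"` to agree with the `"last_known_affected_version_range": "< 1.1.1"` a few lines below it. Two more points in this hunk: the replacement `details` string ends inside an opening bash code fence right after `docker pull dhtmlx/diagram-export:latest`, so the remediation section announces a restart step that never appears and the fence is never closed; and the removed CVSS_V4 vector scored integrity and availability as none (`VI:N/VA:N`), which matches the description of local file contents being embedded in the exported PDF, while the new CVSS_V3 vector claims `C:H/I:H/A:H`. Either justify the higher integrity and availability impact in the details or bring the v3.1 vector in line with the described impact, and consider keeping the v4 entry alongside the v3.1 one instead of dropping it.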