Key vulnerability information

Vulnerability name: SSRF in editor's proxy via IPv6 link-local address in jgraph/drawio
CVE ID: CVE-2022-1722
Vulnerability type: Server-Side Request Forgery (SSRF)
Severity: High (7.5)
Affected versions: Online Editor

Description

The proxy server does not check for link-local IPv6 addresses. In the code snippet , it checks for local IP addresses but misses the link-local IPv6 address check.

Proof of concept (PoC)

1. Set up Wireshark.
2. Open the DrawIO webapp locally: .
3. The server attempts to connect to , the default gateway, indicating that link-local IPv6 addresses are not being filtered.

Impact

SSRF to internal link-local IPv6 addresses.

Fix

Fixed in version 18.0.5 with commit . The fix bounty has been dropped.
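The description above concerns a proxy-side address filter that covers local IPv4 ranges but not IPv6 link-local (fe80::/10). The following is an added example, not drawio's own code: a constructed weak blocklist that reproduces that gap next to a hardened check, so the difference can be tested offline. The function and constant names are assumptions chosen for this illustration.

```python
import ipaddress

# Constructed weak check, modelled on the pattern the advisory describes:
# an explicit list of "local" ranges that never includes IPv6 link-local.
WEAK_BLOCKLIST = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("fc00::/7"),
]


def _parse(ip_str: str):
    # Drop an IPv6 zone index ("fe80::1%eth0"): older Pythons reject it,
    # and the zone must not be allowed to bypass the range check.
    return ipaddress.ip_address(ip_str.split("%", 1)[0])


def weak_is_blocked(ip_str: str) -> bool:
    """Range check with the gap: fe80::/10 is never listed."""
    addr = _parse(ip_str)
    return any(addr in net for net in WEAK_BLOCKLIST)


def hardened_is_blocked(ip_str: str) -> bool:
    """Reject every address class a proxy should never fetch for a client."""
    addr = _parse(ip_str)
    # IPv4-mapped IPv6 (::ffff:169.254.1.1) must be judged by its IPv4 form,
    # otherwise the v4 link-local range is bypassed through the v6 syntax.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return (addr.is_loopback or addr.is_link_local or addr.is_private
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def all_targets_allowed(resolved_addresses) -> bool:
    """Apply the hardened check to every address the proxy would connect to.

    Callers pass the full set of resolved addresses (and re-check after each
    redirect), since filtering the hostname string alone is not sufficient.
    """
    return not any(hardened_is_blocked(a) for a in resolved_addresses)
```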