Browse all 4 CVE security advisories affecting plantuml. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Plantuml is a Java-based tool for creating UML diagrams through text descriptions, widely used in software development for visualizing system architectures. Historically, it has been vulnerable to remote code execution (RCE) due to unsafe deserialization and improper input validation, as well as cross-site scripting (XSS) through crafted diagram inputs. The tool has faced privilege escalation risks in certain deployment scenarios. While no major public security incidents have been widely documented, the four CVEs on record highlight persistent concerns around input handling and sandbox bypasses. Its Java foundation introduces additional attack surfaces, though regular updates mitigate some risks. Users should implement strict input validation and maintain current versions to address potential vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-3432 | Server-Side Request Forgery (SSRF) in plantuml/plantuml — plantuml/plantumlCWE-918 | 7.5 | - | 2023-06-27 |
| CVE-2023-3431 | Improper Access Control in plantuml/plantuml — plantuml/plantumlCWE-284 | 5.4 | - | 2023-06-27 |
| CVE-2022-1379 | URL Restriction Bypass in plantuml/plantuml — plantuml/plantumlCWE-918 | 10.0 | - | 2022-05-14 |
| CVE-2022-1231 | XSS via Embedded SVG in SVG Diagram Format in plantuml/plantuml — plantuml/plantumlCWE-79 | 6.1 | - | 2022-04-15 |
This page lists every published CVE security advisory associated with plantuml. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.