### Critical Vulnerability Information

- **Vulnerability Name**: SSRF in editor's proxy via IPv6 link-local address in jgraph/drawio
- **CVE ID**: CVE-2022-1722
- **Vulnerability Type**: Server-Side Request Forgery (SSRF)
- **Severity**: High (7.5)
- **Affected Versions**: Online Editor

### Description

The proxy server does not check for link-local IPv6 addresses. The code at `https://github.com/jgraph/drawio/blob/dev/src/main/java/com/mxgraph/online/ProxyServlet.java#L255-L257` checks for local IP addresses but omits the check for link-local IPv6 addresses.

### Proof of Concept (PoC)

1. Set up Wireshark.
2. Open the DrawIO web application locally: `http://localhost:8080/draw/proxy?url=%68%74%74%70%3a%2f%2f%5b%66%65%38%30%3a%3a%3a%3a%3a%3a%31%5d`.
3. The server attempts to connect to `[fe80::1]`, the default gateway, indicating that link-local IPv6 addresses are not being filtered.

### Impact

SSRF to internal link-local IPv6 addresses.

### Fix

- Fixed in version 18.0.5 with commit `cf5c78`.
- The fix bounty has been dropped.
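The following is an added illustration of the class of check the report describes, written for this page; it is not the drawio `ProxyServlet` code and does not reproduce its exact logic. `naive_is_local` models a "local address" filter that covers loopback, the unspecified address and the private ranges but forgets the link-local ranges (`fe80::/10`, and `169.254.0.0/16` for IPv4), so `http://[fe80::1]/` passes it. `hardened_is_local` adds those ranges, unwraps IPv4-mapped IPv6 literals, and the URL handling percent-decodes the `url` parameter and refuses bracketed hosts that are not valid IPv6 literals (as in the encoded PoC). The blocked ranges and the function names are assumptions made for this example.

```python
"""Validate a proxy target URL so it cannot reach local or link-local addresses.

Added example for this page; not the drawio ProxyServlet implementation.
The networks listed below are an assumption about what an HTTP proxy should refuse.
"""
import ipaddress
import socket
from urllib.parse import unquote, urlsplit

# Ranges a typical "is this a local address?" check covers: loopback,
# unspecified, RFC 1918 private and IPv6 unique-local. Note what is missing.
NAIVE_BLOCKED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "0.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "::/128", "fc00::/7",
)]

# Link-local ranges: the gap the advisory is about (fe80::/10) plus its IPv4 twin.
LINK_LOCAL = [ipaddress.ip_network(n) for n in ("169.254.0.0/16", "fe80::/10")]


def naive_is_local(ip):
    """The incomplete filter (constructed to show the gap): link-local passes."""
    return any(ip in net for net in NAIVE_BLOCKED)


def hardened_is_local(ip):
    """Same filter plus link-local ranges, multicast, and IPv4-mapped unwrapping."""
    # ::ffff:127.0.0.1 is an IPv6 literal that really targets 127.0.0.1.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return naive_is_local(ip) or ip.is_multicast or any(ip in net for net in LINK_LOCAL)


def target_addresses(raw_url):
    """Return the IP addresses a proxy would contact for raw_url, or None if the
    URL must be refused outright (bad scheme, no host, malformed IPv6 literal)."""
    try:
        parts = urlsplit(unquote(raw_url))  # the url parameter arrives percent-encoded
    except ValueError:
        return None  # newer Pythons reject malformed bracketed hosts here
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname  # brackets stripped, lowercased
    bracketed = parts.netloc.rsplit("@", 1)[-1].startswith("[")
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        pass
    if bracketed:
        return None  # "[...]" that is not a valid IPv6 literal: refuse, do not guess
    # A hostname: resolve it and let the caller check every returned address.
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return None
    return [ipaddress.ip_address(ai[4][0]) for ai in infos]


def is_allowed(raw_url, checker=hardened_is_local):
    """True only if every address the URL resolves to passes `checker`."""
    addrs = target_addresses(raw_url)
    if not addrs:
        return False
    return not any(checker(a) for a in addrs)


if __name__ == "__main__":
    # Constructed inputs: the link-local literal and the encoded PoC from the report.
    for url in ("http://[fe80::1]/", "http://169.254.1.1/", "http://[::ffff:127.0.0.1]/",
                "%68%74%74%70%3a%2f%2f%5b%66%65%38%30%3a%3a%3a%3a%3a%3a%31%5d"):
        print(f"{url!r}: naive={is_allowed(url, naive_is_local)} hardened={is_allowed(url)}")
```

The `naive`/`hardened` split is the whole lesson: a filter that only enumerates loopback and private ranges is not a deny-list of "addresses on this host's network". Checking resolved addresses rather than the hostname string also matters, since a DNS name can point at a link-local address just as a literal can.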