From c9e5bf6667ef71e86b2b2a5ff4a0c15f267527d8 Mon Sep 17 00:00:00 2001
From: Daniel Elkabes <daniel.elkabes@whitesourcesoftware.com>
Date: Fri, 14 Oct 2022 09:56:24 +0300
Subject: [PATCH 1/2] Add CVE-2022-32176

---
 2022/32xxx/CVE-2022-32176.json | 93 +++++++++++++++++++++++++++++-----
 1 file changed, 79 insertions(+), 14 deletions(-)

diff --git a/2022/32xxx/CVE-2022-32176.json b/2022/32xxx/CVE-2022-32176.json
index 0889c153127..7c37c29c977 100644
--- a/2022/32xxx/CVE-2022-32176.json
+++ b/2022/32xxx/CVE-2022-32176.json
@@ -1,18 +1,83 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-32176",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+  "CVE_data_meta" : {
+    "ASSIGNER" : "vulnerabilitylab@mend.io",
+    "ID" : "CVE-2022-32176",
+    "STATE" : "PUBLIC",
+    "DATE_PUBLIC" : "Oct 11, 2022, 12:00:00 AM",
+    "TITLE" : "Gin-vue-admin - Unrestricted File Upload"
+  },
+  "affects" : {
+    "vendor" : {
+      "vendor_data" : [ {
+        "vendor_name" : "gin-vue-admin",
+        "product" : {
+          "product_data" : [ {
+            "product_name" : "gin-vue-admin",
+            "version" : {
+              "version_data" : [ {
+                "version_value" : "v2.5.1",
+                "version_affected" : ">="
+              }, {
+                "version_value" : "v2.5.3b",
+                "version_affected" : "<="
+              } ]
             }
-        ]
+          } ]
+        }
+      } ]
     }
+  },
+  "credit" : [ {
+    "lang" : "eng",
+    "value" : "Mend Vulnerability Research Team (MVR)"
+  } ],
+  "data_format" : "MITRE",
+  "data_type" : "CVE",
+  "data_version" : "4.0",
+  "description" : {
+    "description_data" : [ {
+      "lang" : "eng",
+      "value" : "In \"Gin-Vue-Admin\", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the \"Compress Upload\" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover."
+    } ]
+  },
+  "generator" : {
+    "engine" : "Vulnogram 0.0.9"
+  },
+  "impact" : {
+    "cvss" : {
+      "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+      "attackComplexity" : "LOW",
+      "attackVector" : "NETWORK",
+      "availabilityImpact" : "HIGH",
+      "confidentialityImpact" : "HIGH",
+      "integrityImpact" : "HIGH",
+      "privilegesRequired" : "LOW",
+      "scope" : "CHANGED",
+      "userInteraction" : "REQUIRED",
+      "version" : 3.1,
+      "baseScore" : 9.0,
+      "baseSeverity" : "CRITICAL"
+    }
+  },
+  "references" : {
+    "reference_data" : [ {
+      "refsource" : "MISC",
+      "url" : "https://www.mend.io/vulnerability-database/CVE-2022-32176"
+    }, {
+      "refsource" : "CONFIRM",
+      "url" : "https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/image.vue#L43-#L49"
+    } ]
+  },
+  "problemtype" : {
+    "problemtype_data" : [ {
+      "description" : [ {
+        "lang" : "eng",
+        "value" : "CWE-434 Unrestricted Upload of File with Dangerous Type"
+      } ]
+    } ]
+  },
+  "source" : {
+    "advisory" : "https://www.mend.io/vulnerability-database/",
+    "discovery" : "UNKNOWN"
+  }
 }
\ No newline at end of file

From 782678886925b3931d26d4fa73ba71531e1577d5 Mon Sep 17 00:00:00 2001
From: anthnysingleton <anthnysingleton@gmail.com>
Date: Mon, 17 Oct 2022 14:23:17 -0400
Subject: [PATCH 2/2] Update CVE-2022-32176.json

Removing second # from reference. It caused an error on our end while processing this request.
---
 2022/32xxx/CVE-2022-32176.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/2022/32xxx/CVE-2022-32176.json b/2022/32xxx/CVE-2022-32176.json
index 7c37c29c977..86c2f3081cd 100644
--- a/2022/32xxx/CVE-2022-32176.json
+++ b/2022/32xxx/CVE-2022-32176.json
@@ -65,7 +65,7 @@
       "url" : "https://www.mend.io/vulnerability-database/CVE-2022-32176"
     }, {
       "refsource" : "CONFIRM",
-      "url" : "https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/image.vue#L43-#L49"
+      "url" : "https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/image.vue#L43-L49"
     } ]
   },
   "problemtype" : {
@@ -80,4 +80,4 @@
     "advisory" : "https://www.mend.io/vulnerability-database/",
     "discovery" : "UNKNOWN"
   }
-}
\ No newline at end of file
+}