Add CVE-2021-32644 for GHSA-vqpj-xgw2-r54q

2025-12-30 05:58:39 +00:00 · 2021-06-22 10:44:17 -07:00 · 2021-06-22 10:44:17 -07:00 · c0733a3fcf
commit c0733a3fcf
parent 9bec8dc4bd
1 changed files with 76 additions and 6 deletions
--- a/2021/32xxx/CVE-2021-32644.json
+++ b/2021/32xxx/CVE-2021-32644.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-32644",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cross-site Scripting in Random.php"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "ampache",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": ">= 4.0.0, < 4.4.3"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "ampache"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 6.4,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/ampache/ampache/security/advisories/GHSA-vqpj-xgw2-r54q",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/ampache/ampache/security/advisories/GHSA-vqpj-xgw2-r54q"
+            },
+            {
+                "name": "https://github.com/ampache/ampache/commit/c9453841e1b517a1660c3da1efd1fe5d623c93a5",
+                "refsource": "MISC",
+                "url": "https://github.com/ampache/ampache/commit/c9453841e1b517a1660c3da1efd1fe5d623c93a5"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-vqpj-xgw2-r54q",
+        "discovery": "UNKNOWN"
    }
 }