What is CVE-2022-32177?

CVE-2022-32177 is a critical-severity vulnerability in Gin-vue-admin, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 9.0/10. Published 2022-10-14.

How severe is CVE-2022-32177?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Arbitrary file upload in Gin-vue-admin

CVE-2022-32177

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uplo…

Vulnerability class: Unrestricted File Upload

EPSS: 0.009 (56.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Gin-vue-admin — versions v2.5.1, unspecified
Gin-vue-admin_project Gin-vue-admin — versions 2.5.3

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

vulnerabilitylab@mend.io (Exploit, Third Party Advisory)
vulnerabilitylab@mend.io (Exploit, Third Party Advisory)

Frequently asked questions

What is CVE-2022-32177?: CVE-2022-32177 is a critical-severity vulnerability in Gin-vue-admin, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 9.0/10. Published 2022-10-14.
How severe is CVE-2022-32177?: Critical severity. CVSS v3 base score is 9.0 out of 10.