Security
Headlines

Headlines Latest CVEs

Headline

GHSA-65v8-6pvw-jwvq: Answer vulnerable to Insertion of Sensitive Information Into Sent Data

answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user’s device ID, geolocation, system information, system version, etc.

1 year ago

Answer vulnerable to Insertion of Sensitive Information Into Sent Data

High severity GitHub Reviewed Published Apr 11, 2023 to the GitHub Advisory Database • Updated Apr 11, 2023

Related news

CVE-2023-1975: remove exif · answerdev/answer@ac3f2f0

Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.

1 year ago

#sql #mac #js #git #java #c++#oauth #auth #docker

ghsa: Latest News

GHSA-pj33-75x5-32j4: RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission

12 hours ago

GHSA-jjxq-ff2g-95vh: Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled

12 hours ago

GHSA-6377-hfv9-hqf6: Twig has unguarded calls to `__toString()` when nesting an object into an array

12 hours ago

GHSA-hv6m-qj65-26q3: UnoPim Cross-site Scripting vulnerability

14 hours ago

GHSA-rhm9-gp5p-5248: Gradio vulnerable to arbitrary file read with File and UploadButton components

16 hours ago