Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-65v8-6pvw-jwvq: Answer vulnerable to Insertion of Sensitive Information Into Sent Data

answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user’s device ID, geolocation, system information, system version, etc.

ghsa
#git

Answer vulnerable to Insertion of Sensitive Information Into Sent Data

High severity GitHub Reviewed Published Apr 11, 2023 to the GitHub Advisory Database • Updated Apr 11, 2023

Related news

CVE-2023-1975: remove exif · answerdev/answer@ac3f2f0

Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.