Headline
GHSA-65v8-6pvw-jwvq: Answer vulnerable to Insertion of Sensitive Information Into Sent Data
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user’s device ID, geolocation, system information, system version, etc.
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
High severity GitHub Reviewed Published Apr 11, 2023 to the GitHub Advisory Database • Updated Apr 11, 2023