Skip to content
This repository has been archived by the owner on Jul 30, 2021. It is now read-only.

Exif Geolocation Data not stripped

Low
puncsky published GHSA-hh6j-j73p-cp3h Nov 10, 2020

Package

No package listed

Affected versions

1.1.0

Patched versions

None

Description

Impact

Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc (if present)

Patches

The vulnerability will be patched in version 2.0.

Workarounds

Update to Version 2.0

Severity

Low

CVE ID

CVE-2020-26220

Weaknesses

No CWEs