DRUPAL-CONTRIB-2022-015

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/exif/DRUPAL-CONTRIB-2022-015.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-015
Published
2022-01-25T18:39:13Z
Modified
2025-12-10T23:29:26.650591Z
Summary
[none]
Details

This module enables you to automatically scan images uploaded to the site to extract their meta data and store it in taxonomy structures.

The module doesn't sufficiently protect against malicious files being used to attack the site.

This vulnerability is mitigated by the fact that an attacker must have permission to upload images to the site.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/exif

Package

Name
drupal/exif
Purl
pkg:composer/drupal/exif

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0
Database specific 
{
    "constraint": "<1.3.0"
}
Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.3.0
Database specific 
{
    "constraint": ">=2.2.0 <2.3.0"
}

Database specific

affected_versions 
"<1.3.0 || >=2.2.0 <2.3.0"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/exif/DRUPAL-CONTRIB-2022-015.json"
patched 
true