GHSA-j8cx-j9j2-f29w

Source

https://github.com/advisories/GHSA-j8cx-j9j2-f29w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-j8cx-j9j2-f29w/GHSA-j8cx-j9j2-f29w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-j8cx-j9j2-f29w

Aliases

CVE-2022-0724

Published

2022-02-24T00:00:53Z

Modified

2024-12-05T05:38:19.819031Z

Summary

Insecure Storage of Sensitive Information in Microweber

Details

Microweber prior to version 1.3 does not strip images of EXIF data, exposing information about users' locations, device hardware, and device software.

Database specific

{
    "nvd_published_at": "2022-02-23T11:15:00Z",
    "cwe_ids": [
        "CWE-922"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-24T22:27:40Z"
}

References

Affected packages

Packagist / microweber/microweber

Package

Name: microweber/microweber
Purl: pkg:composer/microweber/microweber

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3

Affected versions

0.*

0.9.346

0.93

0.931

0.934

0.951

1.*

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.1

v1.*

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.2.10

v1.2.11

v1.2.12

v1.2.13

v1.2.14

v1.2.15

v1.2.16

v1.2.17

v1.2.18

v1.2.19

v1.2.20

v1.2.21