CVE-2022-0724

EPSS 0.46%

Insecure Storage of Sensitive Information in Microweber

發布日:2022/2/24修改日:2024/12/5

描述

Microweber prior to version 1.3 does not strip images of EXIF data, exposing information about users' locations, device hardware, and device software.

受影響套件(1)

Packagist/microweber/microweberfrom 0, < 1.3

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0724
PATCHhttps://github.com/microweber/microweber
WEBhttps://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3
WEBhttps://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062