Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qOGN4LWo5ajItZjI5d80uQg
Insecure Storage of Sensitive Information in Microweber
Microweber prior to version 1.3 does not strip images of EXIF data, exposing information about users' locations, device hardware, and device software.
Permalink: https://github.com/advisories/GHSA-j8cx-j9j2-f29wJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qOGN4LWo5ajItZjI5d80uQg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
Identifiers: GHSA-j8cx-j9j2-f29w, CVE-2022-0724
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-0724
- https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3
- https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062
- https://github.com/advisories/GHSA-j8cx-j9j2-f29w
Blast Radius: 0.0
Affected Packages
packagist:microweber/microweber
Dependent packages: 1Dependent repositories: 5
Downloads: 12,460 total
Affected Version Ranges: < 1.3
Fixed in: 1.3
All affected versions: 0.9.346, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 1.2.16, 1.2.17, 1.2.18, 1.2.19, 1.2.20, 1.2.21
All unaffected versions: 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13