1. While uploading an image on https://demo-publify.herokuapp.com/admin/resources as a low privileged user the meta data of the image like geolocation, device information, version, name etc is not getting stripped, as a result the attacker can collect all the meta data information of the image by using tools like exif tool, metadata checker etc which is publicly available.

Steps to reproduce:

1. Login as demo user
2. Go to https://demo-publify.herokuapp.com/admin/resources
3. Upload any images on the media library

4. Copy the url by clicking on original size or open the image in new tab
5. go to http://exif-viewer.com and check the image metadata by pasting the copied link, al the sensitive informations got disclosed publicly

Patch recommendation:

1. Remove the meta data from uploaded images