GoogleOSV:GHSA-79WQ-G4V9-GFJ4Publify Core does not strip metadata from images
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
31.1%
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
References
github.com/publify/publify
github.com/publify/publify/commit/af69097d349f4c00f244c51cd3c3e937fd3387cd
github.com/publify/publify_core/commit/33f897c12b6efdcdfd8cf9df924deba0f878b71e
github.com/rubysec/ruby-advisory-db/blob/master/gems/publify_core/CVE-2022-2815.yml
huntr.dev/bounties/22fdcc39-8c1a-4e4c-8eae-be3fd764f8b4
nvd.nist.gov/vuln/detail/CVE-2022-2815
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
31.1%