Описание
toucbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc (if present. The issue is fixed in version 2.0.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0 (исключая)
cpe:2.3:a:touchbase.ai_project:touchbase.ai:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00203
Низкий
3.5 Low
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-200
EPSS
Процентиль: 42%
0.00203
Низкий
3.5 Low
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-200