Publify Core does not strip metadata from images
Published: January 14, 2023
SECURITY IDENTIFIERS
- CVE: CVE-2022-2815 (NVD)
- GHSA: GHSA-79wq-g4v9-gfj4
- Vendor Advisory: https://github.com/publify/publify/commit/af69097d349f4c00f244c51cd3c3e937fd3387cd
GEM
SEVERITY
CVSS v3.x: 6.5 (Medium)
PATCHED VERSIONS
>= 9.2.10
DESCRIPTION
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.