CVE-2019-14280

Published July 26th, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.

craftcms/cms

Build bespoke content experiences with Craft.

GitHub

3.58K