CVE-2023-1974

Name of the Vulnerable Software and Affected Versions answerdev/answer versions prior to 1.0.8

Description The issue concerns the exposure of sensitive information through metadata in the answerdev/answer GitHub repository. This exposure can include sensitive data such as EXIF data and GPS coordinates via image metadata. The software is an open-source knowledge-based community platform.

Recommendations For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue. As a temporary workaround, consider removing or restricting access to sensitive image metadata until the update is applied.