Closed
Description
In GitHub Security Advisory GHSA-65v8-6pvw-jwvq, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
| --- | --- | --- |
| github.com/answerdev/answer | 1.0.8 | < 1.0.8 |
Cross references:
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-65px-4cpf-697r #1541 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-4cwh-8w4g-jxxh #1550 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-hjmr-xm25-36mh #1551 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-p7wj-c85f-xq9h #1552 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qx34-47fc-vv79 #1553 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-rmw8-7823-wp7f #1554 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6cvf-m58q-h9wf #1592 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6c32-3x46-m9rh #1612 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-55vm-3vq3-4jpc #1613 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-5w78-v688-cx9q #1614 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-8jh8-33f5-cgfp #1615 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-9v4v-9fj5-p982 #1616 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-ff27-hrmr-ggpj #1617 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-h85v-cx5m-78wj #1618 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qrwm-xqfr-4vhv #1619 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-vxhr-p2vp-7gf8 #1620 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6x5v-cxpp-pc5x #1654 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-79hx-g43v-xfmr #1655 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-83qr-c7m9-wmgw #1656 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-g44v-6qfm-f6ch #1657 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-h2wg-83fc-xvm9 #1658 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-hwj7-frgj-7829 #1659 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-r95w-7cpx-h5mx #1660 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-rvjp-8qj4-8p29 #1661 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-xvfj-84vc-hrmf #1662 EFFECTIVELY_PRIVATE
See doc/triage.md for instructions on how to triage this report.
```yaml
modules:
  - module: github.com/answerdev/answer
    versions:
      - fixed: 1.0.8
    packages:
      - package: github.com/answerdev/answer
summary: Answer vulnerable to Insertion of Sensitive Information Into Sent Data
description: answerdev/answer is an open-source knowledge-based community software.
  Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded
  logos. As a result, anyone can get sensitive information like a user's device
  ID, geolocation, system information, system version, etc.
cves:
  - CVE-2023-1975
ghsas:
  - GHSA-65v8-6pvw-jwvq
references:
  - web: https://nvd.nist.gov/vuln/detail/CVE-2023-1975
  - fix: https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a
  - web: https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff
  - advisory: https://github.com/advisories/GHSA-65v8-6pvw-jwvq
```