answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc.

Affected Packages

Go github.com/answerdev/answer

Affected versions: 0 (fixed in 1.0.8)

Related CVEs

CVE-2023-1975

Key Information

GHSA ID

GHSA-65v8-6pvw-jwvq

Published

April 11, 2023 12:30 PM

Last Modified

April 19, 2023 5:11 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

github.com/answerdev/answer

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.