2019-07-26 03:52:46
mitre
PUBLISHED
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasnt stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.