CVE-2019-14280

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-14280
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14280.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-14280
Published
2019-07-26T04:15:11.760Z
Modified
2026-02-03T07:04:56.617621Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.

References

Affected packages

Git / github.com/craftcms/cms

Affected ranges

Type
GIT
Repo
https://github.com/craftcms/cms
Events
Introduced
18263261a5a70f0f84d78db6c4449b6fe304224e
Fixed
02739d27edfc4eea0749ee2c3aedbc91745f998c
Introduced
64e102b9d2598e92d68e0d5ecc864bc47c38004e
Fixed
2f9ef3ed80295c763eae9d9af96401336d0645a2

Affected versions

2.*
2.6.3015
2.6.3016
2.6.3017
2.6.3018
2.6.3019
2.7.0
2.7.0-beta-2
2.7.0-beta.2
2.7.0.1
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.7.1
2.7.7.2
2.7.7.3
2.7.8
2.7.9
3.*
3.0.0
3.0.0.1
3.0.0.2
3.0.1
3.0.10
3.0.10.1
3.0.10.2
3.0.10.3
3.0.11
3.0.12
3.0.13
3.0.13.1
3.0.13.2
3.0.14
3.0.15
3.0.16
3.0.16.1
3.0.17
3.0.17.1
3.0.18
3.0.19
3.0.2
3.0.20
3.0.21
3.0.22
3.0.23
3.0.23.1
3.0.24
3.0.25
3.0.26
3.0.26.1
3.0.27
3.0.27.1
3.0.28
3.0.29
3.0.3
3.0.3.1
3.0.30
3.0.30.1
3.0.30.2
3.0.31
3.0.32
3.0.33
3.0.34
3.0.35
3.0.36
3.0.37
3.0.38
3.0.39
3.0.4
3.0.40
3.0.40.1
3.0.41
3.0.41.1
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.0-beta.1
3.1.0-beta.2
3.1.0-beta.3
3.1.0-beta.4
3.1.0-beta.5
3.1.0-beta.5.1
3.1.0-beta.6
3.1.0-beta.7
3.1.1
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17
3.1.17.1
3.1.17.2
3.1.18
3.1.19
3.1.2
3.1.2.1
3.1.2.2
3.1.20
3.1.20.1
3.1.21
3.1.21.1
3.1.22
3.1.23
3.1.24
3.1.25
3.1.26
3.1.27
3.1.28
3.1.29
3.1.3
3.1.30
3.1.31
3.1.32
3.1.32.1
3.1.33
3.1.34
3.1.34.1
3.1.34.2
3.1.4
3.1.5
3.1.6
3.1.6.1
3.1.7
3.1.8
3.1.9
3.1.9.1
3.2.0
3.2.0-RC1
3.2.0-RC2
3.2.0-RC3
3.2.0-alpha.1
3.2.0-alpha.2
3.2.0-alpha.2.1
3.2.0-alpha.3
3.2.0-alpha.5
3.2.0-alpha.6
3.2.0-alpha.6.1
3.2.0-alpha.6.2
3.2.0-alpha.6.3
3.2.0-alpha.6.4
3.2.0-alpha.7
3.2.0-beta.1
3.2.0-beta.2
3.2.0-beta.3
3.2.1
3.2.2
3.2.3
3.2.4
3.2.4.1
3.2.5
3.2.5.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14280.json"

Git / github.com/nystudio107/craft-seomatic

Affected ranges

Type
GIT
Repo
https://github.com/nystudio107/craft-seomatic
Events
Introduced
6fb1a5abaabca14814077528909b8e64cfaaea16
Fixed
46a0c126932c5c570d901dc8ea3982c26512126f

Affected versions

3.*
3.0.0
3.0.1
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.2
3.0.20
3.0.22
3.0.23
3.0.24
3.0.25
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.10
3.1.11
3.1.12
3.1.13
3.1.13.1
3.1.14
3.1.16
3.1.17
3.1.18
3.1.18.1
3.1.19
3.1.2
3.1.20
3.1.21
3.1.22
3.1.23
3.1.24
3.1.25
3.1.26
3.1.27
3.1.28
3.1.29
3.1.3
3.1.30
3.1.31
3.1.32
3.1.33
3.1.34
3.1.35
3.1.36
3.1.37
3.1.38
3.1.39
3.1.4
3.1.40
3.1.41
3.1.42
3.1.43
3.1.44
3.1.45
3.1.46
3.1.47
3.1.48
3.1.49
3.1.5
3.1.50
3.1.6
3.1.7
3.1.8
3.1.9
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14280.json"