CVE-2020-26220
LOW
touchbase.ai < 2.0 - Unauthorized Sensitive Information Exposure via EXIF Data Leak
Title source: llm
Description
touchbase.ai before version 2.0 leaks information by not stripping EXIF data from images. Anyone with access to images uploaded by other users could obtain their geolocation, device, and software version data, etc. (if present). The issue is fixed in version 2.0.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/puncsky/touchbase.ai/security/advisories/GHSA-hh6j-j73p-cp3h
Patch, Third Party Advisory x_refsource_misc
https://github.com/puncsky/touchbase.ai/pull/400/commits/69de77b163f6debaeb3f8d1a85367310a40d196f
Scores
CVSS v3
3.5
EPSS
0.0074
EPSS Percentile
50.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
touchbase.ai_project/touchbase.ai
< 2.0
Published
Nov 11, 2020
Tracked Since
Feb 18, 2026