Ben-gsp
Everything posted by Ben-gsp

  1. We recently underwent pen testing and our forums got flagged because EXIF geolocation data is not getting stripped from uploaded images. Is there a way to mitigate this?

     Steps to Reproduce:

       • Visit any topic and click the reply.
       • Upload an image with EXIF geolocation data, such as the attached sample image, in the reply box.
       • Now download the image.
       • Use the Windows properties tool or any EXIF viewer, such as exifdata.com, and check the metadata. Whatever was there when uploaded should be there when downloaded. Here, you will find that geolocation data is showing in the longitude and latitude section.

     Business Impact: When an application fails to remove the EXIF data from uploaded images, it breaks the user's trust in the application and can result in reputational damage to the business. This impact is amplified by the speed at which an attacker is able to enumerate geolocation data of users on the platform.
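
One way to check for and remove the metadata described in the post above, as an added example that is not part of the original post and is not Invision Community code. It walks the JPEG header segments, reports whether the Exif block points to a GPS directory, and drops Exif APP1 segments before the file is stored; the function names and the sample file are constructed for illustration.

```python
import struct

EXIF = b"Exif\x00\x00"

def segments(data):
    """Yield (marker, start, end) for each header segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data) and data[pos + 1] != 0xDA:  # 0xDA = start of scan
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if data[pos] != 0xFF or length < 2 or pos + 2 + length > len(data):
            raise ValueError("corrupt segment")
        yield data[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def has_gps(data):
    """True if an Exif APP1 segment's IFD0 has a GPSInfo pointer (tag 0x8825)."""
    for marker, start, end in segments(data):
        body = data[start + 4:end]
        if marker != 0xE1 or not body.startswith(EXIF):
            continue
        tiff = body[len(EXIF):]
        order = {b"II": "little", b"MM": "big"}.get(tiff[:2])  # TIFF byte order
        if order is None:
            continue
        ifd0 = int.from_bytes(tiff[4:8], order)            # offset of first IFD
        count = int.from_bytes(tiff[ifd0:ifd0 + 2], order)  # 12-byte entries follow
        for i in range(count):
            tag = tiff[ifd0 + 2 + 12 * i:ifd0 + 4 + 12 * i]
            if len(tag) == 2 and int.from_bytes(tag, order) == 0x8825:
                return True
    return False

def strip_exif(data):
    """Return the JPEG with every Exif APP1 segment removed; pixels untouched."""
    out, pos = bytearray(data[:2]), 2
    for marker, start, end in segments(data):
        if marker != 0xE1 or not data[start + 4:end].startswith(EXIF):
            out += data[start:end]
        pos = end
    return bytes(out) + data[pos:]

def sample_jpeg():
    """Constructed test input: JFIF header, Exif with a GPS pointer, dummy scan."""
    tiff = b"MM\x00\x2a" + struct.pack(">IHHHIIIHI", 8, 1, 0x8825, 4, 1, 26, 0, 0, 0)
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app1 = b"\xff\xe1" + struct.pack(">H", len(EXIF + tiff) + 2) + EXIF + tiff
    return b"\xff\xd8" + app0 + app1 + b"\xff\xda\x00\x02\x12\x34\xff\xd9"
```

Dropping the whole Exif segment also removes the orientation tag, so rotate the image before stripping if display orientation matters. XMP packets (APP1 segments with a different identifier) and non-JPEG formats can carry location data too and need their own handling.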