| Reported on Immunefi | Dec-16-2024 |
| Mitigation | Dec-16-2024 |
| Solution Completed | Dec-16-2024 |
When browsing to the review verification page the API returns metadata of this review including the e-mail address of the author. When accessing to a studio profile page the API return the list of review IDs related to this studio. Using this IDs, is possible to reach the verification url of each review and see the e-mail address of the authors.
Websites & Applications - Low.
Both endpoints has been modified to not expose sensitive information not needed for rendering each webpage. Verification url doesn't expose e-mail address anymore. Studios profile pages doesn't expose reviews IDs