
4 matches found

GitHub Security Blog
added 2024/05/15 9:5 p.m. · 15 views

endroid/qr-code-bundle File Disclosure via logo_path query parameter

Versions of endroid/qr-code-bundle prior to 3.4.2 are affected by a security vulnerability that allows disclosure of files through the logo_path query parameter. The vulnerability arises from the improper handling of non-image data as the logo, which could lead to unintended file disclosure...

6.8 AI score
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2024/05/15 9:5 p.m. · 7 views

GHSA-MVF6-3F2G-XFXF endroid/qr-code-bundle File Disclosure via logo_path query parameter

Versions of endroid/qr-code-bundle prior to 3.4.2 are affected by a security vulnerability that allows disclosure of files through the logo_path query parameter. The vulnerability arises from the improper handling of non-image data as the logo, which could lead to unintended file disclosure...

6.8 AI score
Exploits: 0 · References: 4

Positive Technologies
added 2024/05/15 12:0 a.m. · 8 views

PT-2024-40382 · Unknown · Endroid/Qr-Code-Bundle

Name of the Vulnerable Software and Affected Versions: endroid/qr-code-bundle versions prior to 3.4.2
Description: The issue arises from the improper handling of non-image data as the logo, which could lead to unintended file disclosure through the logo path query parameter.
Recommendations: For...

7.1 AI score
Exploits: 0 · References: 5

Veracode
added 2020/01/06 6:11 a.m. · 7 views

Information Disclosure

endroid/qr-code is vulnerable to information disclosure. The logo is not validated to contain valid image data, allowing an attacker to specify non-image data and retrieve data from non-image files...

2.7 AI score
Exploits: 0