Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-27jd-spvn-u7b1
Vulnerability ID VCID-27jd-spvn-u7b1
Aliases GHSA-mvf6-3f2g-xfxf
Summary endroid/qr-code-bundle File Disclosure via logo_path query parameter
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-mvf6-3f2g-xfxf
generic_textual MODERATE https://github.com/endroid/qr-code-bundle
generic_textual MODERATE https://github.com/endroid/qr-code-bundle/commit/51928eaaa30e7db1fd3f1076744dcbc8f8cec8c8
generic_textual MODERATE https://github.com/endroid/qr-code-bundle/releases/tag/3.4.2
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/endroid/qr-code-bundle/2019-12-22.yaml
Reference id Reference type URL
https://github.com/endroid/qr-code-bundle
https://github.com/endroid/qr-code-bundle/commit/51928eaaa30e7db1fd3f1076744dcbc8f8cec8c8
https://github.com/endroid/qr-code-bundle/releases/tag/3.4.2
https://github.com/FriendsOfPHP/security-advisories/blob/master/endroid/qr-code-bundle/2019-12-22.yaml
GHSA-mvf6-3f2g-xfxf https://github.com/advisories/GHSA-mvf6-3f2g-xfxf
No exploits are available.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-11T20:34:47.658857+00:00 GHSA Importer Import https://github.com/advisories/GHSA-mvf6-3f2g-xfxf 38.6.0