Skip to content

FreeScout Dependencies Security

FreeScout edited this page May 16, 2024 · 19 revisions

« FreeScout Security

You can read how FreeScout Team ensures dependencies security here.

Below is the list of known security issues in dependencies along with the information on patches fixing them in FreeScout.

laravel/framework

RCE vulnerability in "cookie" session driver
https://blog.laravel.com/laravel-cookie-security-releases

Fix: 822fb85


CVE-2021-43808: Possible cross-site scripting (XSS) vulnerability in the Blade templating engine
https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw

Fix: 1e871813


Guard bypass in Eloquent models
https://blog.laravel.com/security-release-laravel-61834-7232

Fix: 21d86327


GHSA-6jvx-8ch9-j2jr: Laravel Cookie serialization vulnerability
https://github.com/advisories/GHSA-6jvx-8ch9-j2jr

Fix: 83636503


CVE-2018-15133: Laravel Framework RCE Vulnerability 
https://github.com/advisories/GHSA-qvqm-h22r-4cp9

GHSA-qm5c-m76r-2hfr: Laravel RCE vulnerability in "cookie" session driver
https://github.com/advisories/GHSA-qm5c-m76r-2hfr

Fix: 83636503


CVE-2020-19316: OS Command Injection in Laravel Framework 
https://github.com/advisories/GHSA-w2pm-r78h-4m7v  

Fix: cf072514


CVE-2020-24941: Improper Input Validation in Laravel
https://github.com/advisories/GHSA-w68r-5p45-5rqp  

Fix: 21d86327

symfony/http-foundation

CVE-2019-10913: Reject invalid HTTP method overrides
https://symfony.com/cve-2019-10913

Fix: ba8296ef


CVE-2019-18888: CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
https://symfony.com/cve-2019-18888

Fix: c6b50b2c

symfony/http-kernel

CVE-2022-24894: CVE-2022-24894: Prevent storing cookie headers in HttpCache
https://symfony.com/cve-2022-2489

Fix: 9c1c1806


CVE-2019-18887: CVE-2019-18887: Use constant time comparison in UriSigner
https://symfony.com/cve-2019-18887

Fix: 6bb91df7

barryvdh/laravel-translation-manager

Possibility for Denial of Service by overwriting PHP files with language export
https://github.com/advisories/GHSA-w68r-5p45-5rqp

Fix: 61335476

webklex/laravel-imap

CVE-2023-35169: php-imap vulnerable to RCE through a directory traversal vulnerability
https://github.com/advisories/GHSA-47p7-xfcc-4pv9

Fix: d62bf49e

webklex/php-imap

CVE-2023-35169: php-imap vulnerable to RCE through a directory traversal vulnerability
https://github.com/advisories/GHSA-47p7-xfcc-4pv9

Fix: d62bf49e


Clone this wiki locally