FreeScout Dependencies Security
FreeScout edited this page Sep 23, 2023
·
13 revisions
You can read how FreeScout Team ensures dependencies security here.
Below is the list of known security issues in dependencies along with the information on patches fixing them in FreeScout.
RCE vulnerability in "cookie" session driver
https://blog.laravel.com/laravel-cookie-security-releases
Fix: 822fb85
CVE-2021-43808: Possible cross-site scripting (XSS) vulnerability in the Blade templating engine
https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
Fix: 1e871813
Guard bypass in Eloquent models
https://blog.laravel.com/security-release-laravel-61834-7232
Fix: 21d86327
Cookie serialization vulnerability
https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30
Fix: 83636503
CVE-2018-15133: Laravel Framework RCE Vulnerability
https://github.com/advisories/GHSA-qvqm-h22r-4cp9
Fix: 83636503
CVE-2020-19316: OS Command Injection in Laravel Framework
https://github.com/advisories/GHSA-w2pm-r78h-4m7v
Fix: cf072514
CVE-2020-24941: Improper Input Validation in Laravel
https://github.com/advisories/GHSA-w68r-5p45-5rqp
Fix: 21d86327
CVE-2019-10913: Reject invalid HTTP method overrides
https://symfony.com/cve-2019-10913
Fix: ba8296ef
CVE-2019-18888: CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
https://symfony.com/cve-2019-18888
Fix: c6b50b2c
CVE-2022-24894: CVE-2022-24894: Prevent storing cookie headers in HttpCache
https://symfony.com/cve-2022-2489
Fix: 9c1c1806
CVE-2019-18887: CVE-2019-18887: Use constant time comparison in UriSigner
https://symfony.com/cve-2019-18887
Fix: 6bb91df7
Possibility for Denial of Service by overwriting PHP files with language export
https://github.com/advisories/GHSA-w68r-5p45-5rqp
Fix: 61335476
CVE-2023-35169: php-imap vulnerable to RCE through a directory traversal vulnerability
https://github.com/advisories/GHSA-47p7-xfcc-4pv9
Fix: d62bf49e
CVE-2023-35169: php-imap vulnerable to RCE through a directory traversal vulnerability
https://github.com/advisories/GHSA-47p7-xfcc-4pv9
Fix: d62bf49e
FreeScout — Help desk & shared mailbox, free Zendesk & Help Scout alternative.
About
Installation
Configuration
- Sending Emails
- Fetching Emails
- Connect G Suite & Microsoft 365
- Console Commands
- Backup
- Update
- Upgrade PHP
Troubleshooting
Tools & Integrations
- API
- Migrate to FreeScout
- Zapier
- Make (Integormat)
Development