mirror of
https://github.com/freescout-helpdesk/freescout.git
synced 2024-11-08 11:52:30 +01:00
FreeScout Dependencies Security
FreeScout edited this page 2024-05-16 08:24:31 +03:00
You can read how the FreeScout Team ensures the security of its dependencies here.
Below is a list of known security issues in dependencies, along with the patches that fix them in FreeScout.
laravel/framework
RCE vulnerability in "cookie" session driver
https://blog.laravel.com/laravel-cookie-security-releases
Fix: 822fb85
CVE-2021-43808: Possible cross-site scripting (XSS) vulnerability in the Blade templating engine
https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
Fix: 1e871813
Guard bypass in Eloquent models
https://blog.laravel.com/security-release-laravel-61834-7232
Fix: 21d86327
GHSA-6jvx-8ch9-j2jr: Laravel Cookie serialization vulnerability
https://github.com/advisories/GHSA-6jvx-8ch9-j2jr
Fix: 83636503
CVE-2018-15133: Laravel Framework RCE Vulnerability
https://github.com/advisories/GHSA-qvqm-h22r-4cp9
GHSA-qm5c-m76r-2hfr: Laravel RCE vulnerability in "cookie" session driver
https://github.com/advisories/GHSA-qm5c-m76r-2hfr
Fix: 83636503
CVE-2020-19316: OS Command Injection in Laravel Framework
https://github.com/advisories/GHSA-w2pm-r78h-4m7v
Fix: cf072514
CVE-2020-24941: Improper Input Validation in Laravel
https://github.com/advisories/GHSA-w68r-5p45-5rqp
Fix: 21d86327
symfony/http-foundation
CVE-2019-10913: Reject invalid HTTP method overrides
https://symfony.com/cve-2019-10913
Fix: ba8296ef
CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
https://symfony.com/cve-2019-18888
Fix: c6b50b2c
symfony/http-kernel
CVE-2022-24894: Prevent storing cookie headers in HttpCache
https://symfony.com/cve-2022-2489
Fix: 9c1c1806
CVE-2019-18887: Use constant time comparison in UriSigner
https://symfony.com/cve-2019-18887
Fix: 6bb91df7
barryvdh/laravel-translation-manager
Possibility for Denial of Service by overwriting PHP files with language export
https://github.com/advisories/GHSA-w68r-5p45-5rqp
Fix: 61335476
webklex/laravel-imap
CVE-2023-35169: php-imap vulnerable to RCE through a directory traversal vulnerability
https://github.com/advisories/GHSA-47p7-xfcc-4pv9
Fix: d62bf49e
webklex/php-imap
CVE-2023-35169: php-imap vulnerable to RCE through a directory traversal vulnerability
https://github.com/advisories/GHSA-47p7-xfcc-4pv9
Fix: d62bf49e