
FreeScout Dependencies Security

FreeScout edited this page Mar 6, 2026 · 30 revisions


You can read how the FreeScout Team ensures the security of dependencies here.

Below is the list of known security issues in dependencies, along with the patches that fix them in FreeScout.


CVE-2026-25129: PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

https://github.com/freescout-help-desk/freescout/security/dependabot/96

Fix: e76b683

CVE-2026-24739: Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows

https://github.com/freescout-help-desk/freescout/security/dependabot/95

Fix: 2919365

CVE-2026-24765: PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling

https://github.com/freescout-help-desk/freescout/security/dependabot/94

Fix: c862181

CVE-2025-64500: Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass

https://github.com/freescout-help-desk/freescout/security/dependabot/93

Fix: 4b67a88

Before November 2025:


laravel/framework

Laravel environment manipulation via query string
https://github.com/advisories/GHSA-gv7v-rgg6-548h

Fix: f411f8c

RCE vulnerability in "cookie" session driver
https://blog.laravel.com/laravel-cookie-security-releases

Fix: 822fb85


CVE-2021-43808: Possible cross-site scripting (XSS) vulnerability in the Blade templating engine
https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw

Fix: 1e871813


Guard bypass in Eloquent models
https://blog.laravel.com/security-release-laravel-61834-7232

Fix: 21d86327


GHSA-6jvx-8ch9-j2jr: Laravel Cookie serialization vulnerability
https://github.com/advisories/GHSA-6jvx-8ch9-j2jr

Fix: 83636503


CVE-2018-15133: Laravel Framework RCE Vulnerability 
https://github.com/advisories/GHSA-qvqm-h22r-4cp9

GHSA-qm5c-m76r-2hfr: Laravel RCE vulnerability in "cookie" session driver
https://github.com/advisories/GHSA-qm5c-m76r-2hfr

Fix: 83636503


CVE-2020-19316: OS Command Injection in Laravel Framework 
https://github.com/advisories/GHSA-w2pm-r78h-4m7v  

Fix: cf072514


CVE-2020-24941: Improper Input Validation in Laravel
https://github.com/advisories/GHSA-w68r-5p45-5rqp  

Fix: 21d86327

symfony/http-foundation

CVE-2019-10913: Reject invalid HTTP method overrides
https://symfony.com/cve-2019-10913

Fix: ba8296ef


CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
https://symfony.com/cve-2019-18888

Fix: c6b50b2c

symfony/http-kernel

CVE-2022-24894: Prevent storing cookie headers in HttpCache
https://symfony.com/cve-2022-2489

Fix: 9c1c1806


CVE-2019-18887: Use constant time comparison in UriSigner
https://symfony.com/cve-2019-18887

Fix: 6bb91df7

barryvdh/laravel-translation-manager

Stored XSS in Laravel Translation Manager
https://github.com/barryvdh/laravel-translation-manager/security/advisories/GHSA-j226-63j7-qrqh

Fix: 570e3b9

Possibility for Denial of Service by overwriting PHP files with language export
https://github.com/advisories/GHSA-w68r-5p45-5rqp

Fix: 61335476

webklex/laravel-imap

CVE-2023-35169: php-imap vulnerable to RCE through a directory traversal vulnerability
https://github.com/advisories/GHSA-47p7-xfcc-4pv9

Fix: d62bf49e

webklex/php-imap

CVE-2023-35169: php-imap vulnerable to RCE through a directory traversal vulnerability
https://github.com/advisories/GHSA-47p7-xfcc-4pv9

Fix: d62bf49e

