bugsnag / bugsnag-laravel

BugSnag notifier for the Laravel PHP framework. Monitor and report Laravel errors.
https://docs.bugsnag.com/platforms/php/laravel/
MIT License

Vulnerable versions of Akaunting and Bookstack packages are used #498

Closed AndersonSean closed 1 year ago

AndersonSean commented 1 year ago

Describe the bug

The version of Akaunting which is being used is a security risk CVE-2021-36804 (https://nvd.nist.gov/vuln/detail/CVE-2021-36804) which has a high severity warning. The version of Bookstack which is being used is a security risk CVE-2021-3874 (https://nvd.nist.gov/vuln/detail/CVE-2021-3874) which has a medium severity warning.

Both of these packages should be updated to non-vulnerable versions to prevent any potential security issues.

luke-belton commented 1 year ago

Hi @seana39223 - I don't think either of these is a dependency of bugsnag-laravel. Are you able to share some more information on why you think changes are required by Bugsnag to mitigate these risks, please?

johnkiely1 commented 1 year ago

We are going to close this out as we suspect it was opened in error. Let us know if you believe otherwise.