Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nodejsNeal PooleNODEJS:13
HistoryOct 17, 2015 - 7:41 p.m.

Potential Command Injection

2015-10-1719:41:46
Neal Poole
www.npmjs.com
13

0.003 Low

EPSS

Percentile

70.4%

JSON

Overview

Versions 2.4.3 and earlier of hubot-scripts are vulnerable to a command injection vulnerablity in the hubot-scripts/package/src/scripts/email.coffee module.

Mitigating Factors

The email script is not enabled by default, it has to be manually added to hubot’s list of loaded scripts.

Recommendation

Update hubot-scripts to version 2.4.4 or later.

References

GitHub Advisory

CPENameOperatorVersion
hubot-scriptsle 2.4.3

Related

cve 1
github 1
cvelist 1
osv 1
prion 1
nvd 1
ubuntucve 1
securityvulns 1
cve
cve
CVE-2013-7378
2020-02-12 14:15:10
github
github
Potential Command Injection in hubot-scripts
2020-08-31 22:46:38
cvelist
cvelist
CVE-2013-7378
2020-02-12 13:59:50
osv
osv
Potential Command Injection in hubot-scripts
2020-08-31 22:46:38
prion
prion
Command injection
2020-02-12 14:15:00
nvd
nvd
CVE-2013-7378
2020-02-12 14:15:10
ubuntucve
ubuntucve
CVE-2013-7378
2020-02-12 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-05-15 00:00:00

0.003 Low

EPSS

Percentile

70.4%

JSON
Related for NODEJS:13
cve1github1cvelist1osv1prion1nvd1ubuntucve1securityvulns1