Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-HWCH-749C-RV63
HistoryAug 31, 2020 - 10:46 p.m.

Potential Command Injection in hubot-scripts

2020-08-3122:46:38
Google
osv.dev
11

0.003 Low

EPSS

Percentile

70.4%

JSON

Versions 2.4.3 and earlier of hubot-scripts are vulnerable to a command injection vulnerablity in the hubot-scripts/package/src/scripts/email.coffee module.

Mitigating Factors

The email script is not enabled by default, it has to be manually added to hubot’s list of loaded scripts.

Recommendation

Update hubot-scripts to version 2.4.4 or later.

CPENameOperatorVersion
hubot-scriptslt2.4.5

Related

cve 1
github 1
cvelist 1
prion 1
nvd 1
ubuntucve 1
nodejs 1
securityvulns 1
cve
cve
CVE-2013-7378
2020-02-12 14:15:10
github
github
Potential Command Injection in hubot-scripts
2020-08-31 22:46:38
cvelist
cvelist
CVE-2013-7378
2020-02-12 13:59:50
prion
prion
Command injection
2020-02-12 14:15:00
nvd
nvd
CVE-2013-7378
2020-02-12 14:15:10
ubuntucve
ubuntucve
CVE-2013-7378
2020-02-12 00:00:00
nodejs
nodejs
Potential Command Injection
2015-10-17 19:41:46
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-05-15 00:00:00

0.003 Low

EPSS

Percentile

70.4%

JSON
Related for OSV:GHSA-HWCH-749C-RV63
cve1github1cvelist1prion1nvd1ubuntucve1nodejs1securityvulns1