Versions 2.4.3 and earlier of hubot-scripts are vulnerable to a command injection vulnerablity in the hubot-scripts/package/src/scripts/email.coffee
module.
The email script is not enabled by default, it has to be manually added to hubot’s list of loaded scripts.
Update hubot-scripts to version 2.4.4 or later.
CPE | Name | Operator | Version |
---|---|---|---|
hubot-scripts | lt | 2.4.5 |