Command Injection
Affecting hubot-scripts package, versions <= 2.4.3
Overview
hubot-scripts is a collection of community scripts for hubot, a chat bot.
Affected versions of this package are vulnerable to Arbitrary Command Injection. Untrusted input was passed into the email command, allowing an attacker to supply malicious commands.
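The vulnerability class described above (CWE-77), as an added example that is not hubot-scripts code: a hypothetical handler that shells out to a `mail` binary, showing the string-concatenation pattern beside an argument-array form that validates the recipient. The function names, the `mail` command line and the sample input are assumptions.

```javascript
// Added illustration of CWE-77. Hypothetical code, not taken from hubot-scripts.
// Assumption: the bot sends mail by running a local `mail` binary.

// Vulnerable pattern: chat input is concatenated into one shell command line,
// so any shell metacharacter in `to` or `subject` is interpreted by /bin/sh
// once the string is handed to child_process.exec().
function buildShellCommand(to, subject) {
  return `mail -s "${subject}" ${to}`;
}

// Hardened pattern: strict allow-list for the recipient. The first character
// must be alphanumeric, so the value can never be parsed as a `-option`.
const ADDRESS = /^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

function buildMailArgv(to, subject) {
  if (typeof to !== 'string' || !ADDRESS.test(to)) {
    throw new Error('recipient rejected');
  }
  if (typeof subject !== 'string' || /[\r\n\0]/.test(subject)) {
    throw new Error('subject rejected');
  }
  // Each element reaches the program as one argv entry; no shell parses it.
  return ['-s', subject, to];
}

// Runs the program directly with execFile (no shell); body goes in on stdin.
function sendMail(to, subject, body) {
  const { execFile } = require('child_process'); // Node.js built-in module
  const child = execFile('mail', buildMailArgv(to, subject), (err) => {
    if (err) console.error('mail failed:', err.message);
  });
  child.stdin.end(body);
  return child;
}

// Constructed sample input, as it might arrive from a chat message.
const sample = 'ops@example.com; echo INJECTED';
console.log('shell string :', buildShellCommand(sample, 'hi'));
try {
  buildMailArgv(sample, 'hi');
} catch (e) {
  console.log('argv builder :', e.message);
}
console.log('argv (valid) :', buildMailArgv('ops@example.com', 'status $(date)'));
```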
Remediation
Upgrade hubot-scripts to version 2.4.4 or higher.
CVSS Score
4.8 (medium severity)
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: None
- Credit: Neal Poole
- CVE: CVE-2013-7378
- CWE: CWE-77
- Snyk ID: npm:hubot-scripts:20130515
- Disclosed: 15 May, 2013
- Published: 15 May, 2013