Command Injection in hubot-scripts

Do your applications use this vulnerable package? Test your applications

Overview

hubot-scripts is a collection of community scripts for hubot, a chat bot.

Affected versions of this package are vulnerable to Arbitrary Command Injection. Untrusted input was passed into the email command, allowinf an attacker to input malicious commands.

Remediation

Upgrade hubot-scripts to version 2.4.4 or higher.

References

GitHub Commit

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

Low
Integrity

Low
Availability

None

Credit: Neal Poole
CVE: CVE-2013-7378
CWE: CWE-77
Snyk ID: npm:hubot-scripts:20130515
Disclosed: 15 May, 2013
Published: 15 May, 2013

Command Injection
Affecting hubot-scripts package, versions <= 2.4.3

Overview

Remediation

References

CVSS Score

Command Injection Affecting hubot-scripts package, versions <= 2.4.3

Overview

Remediation

References

Command Injection
Affecting hubot-scripts package, versions <= 2.4.3