Description
Potential Command Injection in hubot-scripts
Versions 2.4.3 and earlier of hubot-scripts are vulnerable to a command injection vulnerability in the hubot-scripts/package/src/scripts/email.coffee module.
Mitigating Factors
The email script is not enabled by default; it has to be manually added to hubot's list of loaded scripts.
Recommendation
Update hubot-scripts to version 2.4.4 or later.
Packages
Name
hubot-scripts
npm
Affected versions: <= 2.4.3
Fixed version: 2.4.5
Related vulnerabilities
CVSS3: 9.8
ubuntu
almost 6 years ago
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.
CVSS3: 9.8
nvd
almost 6 years ago
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.