<p>Upgrade <code>hubot-scripts</code> to version 2.4.4 or higher.</p>

Command Injection Affecting hubot-scripts package, versions <= 2.4.3

Snyk CVSS

Attack Complexity High

Threat Intelligence

EPSS 0.32% (71^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID npm:hubot-scripts:20130515
published 15 May 2013
disclosed 15 May 2013
credit Neal Poole

Report a new vulnerability Found a mistake?

Introduced: 15 May 2013

CVE-2013-7378 Open this link in a new tab CWE-77 Open this link in a new tab

How to fix?

Upgrade hubot-scripts to version 2.4.4 or higher.

Overview

hubot-scripts is a collection of community scripts for hubot, a chat bot.

Affected versions of this package are vulnerable to Arbitrary Command Injection. Untrusted input was passed into the email command, allowinf an attacker to input malicious commands.

References

GitHub Commit