NodeJS/hubot-scripts/1.1.5
Allows you to opt in to a variety of scripts
https://www.npmjs.com/package/hubot-scripts
MIT
2 Security Vulnerabilities
Potential Command Injection in hubot-scripts
- https://nvd.nist.gov/vuln/detail/CVE-2013-7378
- https://github.com/advisories/GHSA-hwch-749c-rv63
- https://github.com/github/hubot-scripts/commit/feee5abdb038a229a98969ae443cdb8a61747782
- https://web.archive.org/web/20140731222413/https://nodesecurity.io/advisories/Hubot_Potential_command_injection_in_email.coffee
- https://www.npmjs.com/advisories/13
- http://www.openwall.com/lists/oss-security/2014/05/13/1
- http://www.openwall.com/lists/oss-security/2014/05/15/2
Versions 2.4.3 and earlier of hubot-scripts are vulnerable to command injection in the hubot-scripts/package/src/scripts/email.coffee module.
Mitigating Factors
The email script is not enabled by default; it has to be manually added to hubot's list of loaded scripts.
Recommendation
Update hubot-scripts to version 2.4.4 or later.
Potential Command Injection
Untrusted input passed to the hubot-scripts/package/src/scripts/email.coffee module can allow for command injection. This may be unexpected behavior for the caller.
Mitigating Factors
The email script is not enabled by default; it has to be manually added to hubot's list of loaded scripts.
60 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
3.0.1-beta1 | MIT | | 2013-06-18 - 11:17 | almost 11 years |
3.0.0-beta3 | MIT | | 2013-06-20 - 17:49 | almost 11 years |
3.0.0-beta1 | MIT | | 2013-06-18 - 11:11 | almost 11 years |
2.17.2 | MIT | | 2016-05-16 - 15:24 | almost 8 years |
2.17.1 | MIT | | 2016-05-06 - 22:47 | about 8 years |
2.17.0 | MIT | | 2016-05-06 - 22:42 | about 8 years |
2.16.2 | MIT | | 2015-08-12 - 16:46 | almost 9 years |
2.16.1 | MIT | | 2015-06-08 - 15:00 | almost 9 years |
2.16.0 | MIT | | 2015-06-06 - 02:16 | almost 9 years |
2.5.16 | MIT | | 2014-09-04 - 20:27 | over 9 years |
2.5.15 | MIT | | 2014-07-02 - 20:01 | almost 10 years |
2.5.14 | MIT | | 2014-05-19 - 12:48 | almost 10 years |
2.5.13 | MIT | | 2014-05-07 - 17:57 | about 10 years |
2.5.12 | MIT | | 2014-04-29 - 14:48 | about 10 years |
2.5.11 | MIT | | 2014-03-18 - 17:24 | about 10 years |
2.5.9 | MIT | | 2014-03-17 - 18:30 | about 10 years |
2.5.8 | MIT | | 2014-01-31 - 23:11 | over 10 years |
2.5.7 | MIT | | 2013-11-25 - 19:09 | over 10 years |
2.5.6 | MIT | | 2013-09-06 - 15:29 | over 10 years |
2.5.5 | MIT | | 2013-09-06 - 15:01 | over 10 years |
2.5.4 | MIT | | 2013-08-29 - 15:10 | over 10 years |
2.5.3 | MIT | | 2013-08-12 - 15:36 | almost 11 years |
2.5.2 | MIT | | 2013-07-31 - 23:23 | almost 11 years |
2.5.1 | MIT | | 2013-07-19 - 20:01 | almost 11 years |
2.5.0 | MIT | | 2013-07-13 - 20:24 | almost 11 years |
2.4.8 | MIT | | 2013-06-25 - 22:25 | almost 11 years |
2.4.7 | MIT | | 2013-06-24 - 21:22 | almost 11 years |
2.4.6 | MIT | | 2013-06-18 - 17:08 | almost 11 years |
2.4.5 | MIT | | 2013-06-08 - 21:01 | almost 11 years |
2.4.3 | MIT | 2 | 2013-04-12 - 22:07 | about 11 years |
2.4.2 | MIT | 2 | 2013-03-09 - 20:49 | about 11 years |
2.4.1 | MIT | 2 | 2013-01-11 - 19:56 | over 11 years |
2.4.0 | MIT | 2 | 2013-01-10 - 19:44 | over 11 years |
2.2.2 | MIT | 2 | 2012-11-06 - 15:10 | over 11 years |
2.2.1 | MIT | 2 | 2012-11-06 - 15:00 | over 11 years |
2.2.0 | MIT | 2 | 2012-11-06 - 03:06 | over 11 years |
2.1.3 | MIT | 2 | 2012-08-31 - 01:54 | over 11 years |
2.1.2 | MIT | 2 | 2012-08-26 - 16:53 | over 11 years |
2.1.1 | MIT | 2 | 2012-07-13 - 21:10 | almost 12 years |
2.1.0 | MIT | 2 | 2012-07-13 - 20:55 | almost 12 years |
2.0.8 | MIT | 2 | 2012-04-06 - 20:37 | about 12 years |
2.0.7 | MIT | 2 | 2013-01-10 - 00:25 | over 11 years |
2.0.6 | MIT | 2 | 2012-03-02 - 04:08 | about 12 years |
2.0.5 | MIT | 2 | 2012-02-06 - 19:52 | over 12 years |
2.0.4 | MIT | 2 | 2011-12-19 - 19:25 | over 12 years |
2.0.3 | MIT | 2 | 2011-11-25 - 20:15 | over 12 years |
2.0.2 | MIT | 2 | 2011-11-25 - 19:21 | over 12 years |
2.0.1 | MIT | 2 | 2011-11-25 - 19:18 | over 12 years |
1.1.8 | MIT | 2 | 2011-11-08 - 00:25 | over 12 years |
1.1.7 | MIT | 2 | 2011-11-07 - 22:05 | over 12 years |
1.1.6 | MIT | 2 | 2011-11-02 - 22:53 | over 12 years |
1.1.5 | MIT | 2 | 2011-10-31 - 19:22 | over 12 years |
1.1.4 | MIT | 2 | 2011-10-29 - 22:56 | over 12 years |
1.1.3 | MIT | 2 | 2011-10-28 - 08:41 | over 12 years |
1.1.2 | MIT | 2 | 2011-10-28 - 06:27 | over 12 years |
1.1.1 | MIT | 2 | 2011-10-28 - 05:08 | over 12 years |
1.1.0 | MIT | 2 | 2011-10-27 - 21:34 | over 12 years |
1.0.4 | MIT | 2 | 2011-10-26 - 05:49 | over 12 years |
1.0.3 | MIT | 2 | 2011-10-26 - 00:41 | over 12 years |
1.0.0 | MIT | 2 | 2011-10-25 - 18:23 | over 12 years |