NodeJS/hubot-scripts/2.2.0


Allows you to opt in to a variety of scripts

https://www.npmjs.com/package/hubot-scripts
MIT

2 Security Vulnerabilities

Potential Command Injection in hubot-scripts

Published date: 2020-08-31T22:46:38Z
CVE: CVE-2013-7378
Versions 2.4.3 and earlier of hubot-scripts are vulnerable to command injection in the hubot-scripts/package/src/scripts/email.coffee module.

Mitigating Factors

The email script is not enabled by default; it has to be manually added to hubot's list of loaded scripts.

Recommendation

Update hubot-scripts to version 2.4.4 or later.

Affected versions: ["1.0.0", "1.0.3", "1.0.4", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.1.6", "1.1.7", "1.1.8", "2.0.1", "2.0.2", "2.0.3", "2.0.4", "2.0.5", "2.0.6", "2.0.8", "2.1.0", "2.1.1", "2.1.2", "2.1.3", "2.2.0", "2.2.1", "2.2.2", "2.0.7", "2.4.0", "2.4.1", "2.4.2", "2.4.3"]
Secure versions: [2.4.5, 3.0.0-beta1, 3.0.1-beta1, 2.4.6, 3.0.0-beta3, 2.4.7, 2.4.8, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.11, 2.5.12, 2.5.13, 2.5.14, 2.5.15, 2.5.16, 2.16.0, 2.16.1, 2.16.2, 2.17.0, 2.17.1, 2.17.2]
Recommendation: Update to version 2.17.2.

Potential Command Injection

Published date: 2013-05-15
CVEs: ["CVE-2013-7378"]
CVSS Score: 4.8
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Coordinating vendor: ^Lift Security

Untrusted input passed into the hubot-scripts/package/src/scripts/email.coffee module can allow for command injection. This may be unexpected behavior for the caller.

Mitigating Factors

The email script is not enabled by default; it has to be manually added to hubot's list of loaded scripts.

Affected versions: ["1.0.0", "1.0.3", "1.0.4", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.1.6", "1.1.7", "1.1.8", "2.0.1", "2.0.2", "2.0.3", "2.0.4", "2.0.5", "2.0.6", "2.0.8", "2.1.0", "2.1.1", "2.1.2", "2.1.3", "2.2.0", "2.2.1", "2.2.2", "2.0.7", "2.4.0", "2.4.1", "2.4.2", "2.4.3"]
Secure versions: [2.4.5, 3.0.0-beta1, 3.0.1-beta1, 2.4.6, 3.0.0-beta3, 2.4.7, 2.4.8, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.11, 2.5.12, 2.5.13, 2.5.14, 2.5.15, 2.5.16, 2.16.0, 2.16.1, 2.16.2, 2.17.0, 2.17.1, 2.17.2]
Recommendation: A new version containing a fix has yet to be pushed to NPM. Use the version located at https://github.com/github/hubot-scripts/ until version 2.4.4 comes out.

60 Other Versions

Version License Security Released
3.0.1-beta1 MIT 2013-06-18 - 11:17 almost 11 years
3.0.0-beta3 MIT 2013-06-20 - 17:49 almost 11 years
3.0.0-beta1 MIT 2013-06-18 - 11:11 almost 11 years
2.17.2 MIT 2016-05-16 - 15:24 almost 8 years
2.17.1 MIT 2016-05-06 - 22:47 almost 8 years
2.17.0 MIT 2016-05-06 - 22:42 almost 8 years
2.16.2 MIT 2015-08-12 - 16:46 over 8 years
2.16.1 MIT 2015-06-08 - 15:00 almost 9 years
2.16.0 MIT 2015-06-06 - 02:16 almost 9 years
2.5.16 MIT 2014-09-04 - 20:27 over 9 years
2.5.15 MIT 2014-07-02 - 20:01 almost 10 years
2.5.14 MIT 2014-05-19 - 12:48 almost 10 years
2.5.13 MIT 2014-05-07 - 17:57 almost 10 years
2.5.12 MIT 2014-04-29 - 14:48 almost 10 years
2.5.11 MIT 2014-03-18 - 17:24 about 10 years
2.5.9 MIT 2014-03-17 - 18:30 about 10 years
2.5.8 MIT 2014-01-31 - 23:11 about 10 years
2.5.7 MIT 2013-11-25 - 19:09 over 10 years
2.5.6 MIT 2013-09-06 - 15:29 over 10 years
2.5.5 MIT 2013-09-06 - 15:01 over 10 years
2.5.4 MIT 2013-08-29 - 15:10 over 10 years
2.5.3 MIT 2013-08-12 - 15:36 over 10 years
2.5.2 MIT 2013-07-31 - 23:23 over 10 years
2.5.1 MIT 2013-07-19 - 20:01 almost 11 years
2.5.0 MIT 2013-07-13 - 20:24 almost 11 years
2.4.8 MIT 2013-06-25 - 22:25 almost 11 years
2.4.7 MIT 2013-06-24 - 21:22 almost 11 years
2.4.6 MIT 2013-06-18 - 17:08 almost 11 years
2.4.5 MIT 2013-06-08 - 21:01 almost 11 years
2.4.3 MIT 2 2013-04-12 - 22:07 about 11 years
2.4.2 MIT 2 2013-03-09 - 20:49 about 11 years
2.4.1 MIT 2 2013-01-11 - 19:56 over 11 years
2.4.0 MIT 2 2013-01-10 - 19:44 over 11 years
2.2.2 MIT 2 2012-11-06 - 15:10 over 11 years
2.2.1 MIT 2 2012-11-06 - 15:00 over 11 years
2.2.0 MIT 2 2012-11-06 - 03:06 over 11 years
2.1.3 MIT 2 2012-08-31 - 01:54 over 11 years
2.1.2 MIT 2 2012-08-26 - 16:53 over 11 years
2.1.1 MIT 2 2012-07-13 - 21:10 almost 12 years
2.1.0 MIT 2 2012-07-13 - 20:55 almost 12 years
2.0.8 MIT 2 2012-04-06 - 20:37 about 12 years
2.0.7 MIT 2 2013-01-10 - 00:25 over 11 years
2.0.6 MIT 2 2012-03-02 - 04:08 about 12 years
2.0.5 MIT 2 2012-02-06 - 19:52 about 12 years
2.0.4 MIT 2 2011-12-19 - 19:25 over 12 years
2.0.3 MIT 2 2011-11-25 - 20:15 over 12 years
2.0.2 MIT 2 2011-11-25 - 19:21 over 12 years
2.0.1 MIT 2 2011-11-25 - 19:18 over 12 years
1.1.8 MIT 2 2011-11-08 - 00:25 over 12 years
1.1.7 MIT 2 2011-11-07 - 22:05 over 12 years
1.1.6 MIT 2 2011-11-02 - 22:53 over 12 years
1.1.5 MIT 2 2011-10-31 - 19:22 over 12 years
1.1.4 MIT 2 2011-10-29 - 22:56 over 12 years
1.1.3 MIT 2 2011-10-28 - 08:41 over 12 years
1.1.2 MIT 2 2011-10-28 - 06:27 over 12 years
1.1.1 MIT 2 2011-10-28 - 05:08 over 12 years
1.1.0 MIT 2 2011-10-27 - 21:34 over 12 years
1.0.4 MIT 2 2011-10-26 - 05:49 over 12 years
1.0.3 MIT 2 2011-10-26 - 00:41 over 12 years
1.0.0 MIT 2 2011-10-25 - 18:23 over 12 years