Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.
Advisories for Npm/Hubot-Scripts package
2020
2013
Potential Command Injection
Untrusted input passed in to the hubot-scripts/package/src/scripts/email.coffee module can allow for command injection. This may be unexpected behavior for the caller.