HIGH🇵🇱 Wersja polska

CVE-2017-16035

CVSS 8.1v3.0pub. 2018-06-04upd. 2024-11-21

The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com endpoint redirects to a HTTP url. Because of this behavior an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation.

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Hubspot Hubl Server

    APP
    Hubspot
    ≤ 1.1.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-25526CRITICAL9.8PL ✓ten sam vendor

HubSpot JinJava — obejście sandbox i wykonanie dowolnego kodu Java przez ForTag

CVE-2025-59340CRITICAL9.8PL ✓ten sam vendor

HubSpot Jinjava — ucieczka z sandbox i RCE przez deserializację szablonów

CVE-2022-1239HIGH8.8ten sam vendor

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, w...

CVE-2024-5879MEDIUM6.4ten sam vendor

The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored ...

CVE-2020-12668MEDIUM6.5ten sam vendor

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjav...