The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com endpoint redirects to a HTTP url. Because of this behavior an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HHubspot Hubl Server
APPHubspot≤ 1.1.5
Related vulnerabilities
HubSpot JinJava — obejście sandbox i wykonanie dowolnego kodu Java przez ForTag
HubSpot Jinjava — ucieczka z sandbox i RCE przez deserializację szablonów
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, w...
The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored ...
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjav...