CVE-2020-7769

Опубликовано: 12 нояб. 2020

Источник: debian

Описание

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-nodemailer	fixed	6.4.16-1		package

Примечания

https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54

Связанные уязвимости

CVE-2020-7769

CVSS3: 8.6

ubuntu

около 5 лет назад

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

CVE-2020-7769

CVSS3: 8.6

nvd

около 5 лет назад

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

GHSA-48ww-j4fc-435p

CVSS3: 9.8

github

больше 4 лет назад

Command injection in nodemailer