CVE-2020-7769

Опубликовано: 12 нояб. 2020

Источник: nvd

CVSS3: 8.6

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

Ссылки

https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75
Broken Link
Third Party Advisory
https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742
Exploit
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
Exploit
Patch
Third Party Advisory
https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75
Broken Link
Third Party Advisory
https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742
Exploit
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nodemailer:nodemailer:*:*:*:*:*:node.js:*:*

Версия до 6.4.16 (исключая)

EPSS

Процентиль: 66%

0.00509

Низкий

8.6 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-88

Связанные уязвимости

CVE-2020-7769

CVSS3: 8.6

ubuntu

около 5 лет назад

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

CVE-2020-7769

CVSS3: 8.6

debian

около 5 лет назад

This affects the package nodemailer before 6.4.16. Use of crafted reci ...

GHSA-48ww-j4fc-435p

CVSS3: 9.8

github

больше 4 лет назад

Command injection in nodemailer

EPSS

Процентиль: 66%

0.00509

Низкий

8.6 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-88