CVE-2020-7769 Vulnerability in npm package nodemailer

Description

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

Remediation

References

https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75

https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742

https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834

Related Vulnerabilities

CVE-2021-21266 Vulnerability in maven package org.openhab.addons.bundles:org.openhab.binding.sonos

CVE-2020-15232 Vulnerability in maven package org.mapfish.print:print-lib

CVE-2021-29506 Vulnerability in maven package com.graphhopper:graphhopper-nav

CVE-2018-1000006 Vulnerability in npm package electron

CVE-2023-37602 Vulnerability in maven package org.opencms:opencms-core

Severity

Critical

Classification

CWE-88 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H