VDB
CVE-2020-7769
CVE-2020-7769
PUBLISHED
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.
EPSS 0.51% · 66.8th percentile
Risk Scores
EPSS Score
0.51%
66.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | node-nodemailer | 0, 6.3.0-2, 6.3.1-1 |
Exploit Intelligence
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742 (nist-nvd)
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834 (nist-nvd)
- https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75 (circl)
- https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54 (circl)
Timeline
- Nov 12, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jul 21, 2021 CVE Updated
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-7769 third-party-advisory
- https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75 third-party-advisory
- https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54 third-party-advisory
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742 third-party-advisory
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-7769 third-party-advisory