CVE-2020-7769: Command Injection

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-7769

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Command Injection

Source: NVD (National Vulnerability Database)

Vulnerability Description

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Nodemailer 注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Nodemailer是Nodemailer团队的一个使用可提供发送邮件功能的 JS 代码库。 nodemailer 6.4.16之前版本存在注入漏洞，该漏洞源于使用精心设计的收件人电子邮件地址可能会在sendmail传输中导致任意命令标志注入以发送邮件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	nodemailer	unspecified ~ 6.4.16	-

II. Public POCs for CVE-2020-7769

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-7769

Please Login to view more intelligence information

https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75x_refsource_MISC
https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834x_refsource_MISC
https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2020-7769

IV. Related Vulnerabilities

Same product: nodemailer

Same vendor: n/a

V. Comments for CVE-2020-7769

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2020-7769

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-7769

III. Intelligence Information for CVE-2020-7769

IV. Related Vulnerabilities

V. Comments for CVE-2020-7769

Leave a comment