vulnerability
Ubuntu: (CVE-2020-7769): node-nodemailer vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Nov 12, 2020 | Jun 26, 2025 | Aug 18, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Nov 12, 2020
Added
Jun 26, 2025
Modified
Aug 18, 2025
Description
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.
Solution
no-fix-ubuntu-package
References
- CVE-2020-7769
- https://attackerkb.com/topics/CVE-2020-7769
- CWE-88
- URL-https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75
- URL-https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54
- URL-https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742
- URL-https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
- URL-https://www.cve.org/CVERecord?id=CVE-2020-7769
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.