Arbitrary Command Flag Injection in Nodemailer's Sendmail Transport

CVE-2020-7769 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

Learn more about our Web Application Penetration Testing UK.