#VU76973 Improper Neutralization of Special Elements in Output Used by a Downstream Component in nodemailer - CVE-2020-7769

Cybersecurity Help s.r.o.

Published: 2023-06-06

Vulnerability identifier: #VU76973

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-7769

CWE-ID: CWE-74

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
nodemailer
Other software / Other software solutions

Vendor: nodemailer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use of crafted recipient email addresses. A remote unauthenticated attacker can trigger the vulnerability resulting in arbitrary command flag injection in sendmail transport for sending mails.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

nodemailer: before 6.4.16

External links
https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742
https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75
https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM App Connect Enterprise and IBM Integration Bus

Improper neutralization of special elements in output used by a downstream component in IBM Cloud Automation Manager