8 matches found
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7769)
Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID:CVE-2020-7769 DESCRIPTION: Nodejs could allow a remote attacker to execute arbitrary...
Command Injection
Overview nodemailer before version 6.4.16 is vulnerable to command injection. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails. Recommendation Upgrade to version 6.4.16 or later References - CVE - GitHub Advisory...
02112019lab6 (=1.0.0), 03-custom-tian (>=1.0.1 <=1.0.6) +10979 more potentially affected by CVE-2020-7769 via nodemailer (>=0.1.18 <=6.4.15)
nodemailer NPM version =0.1.18, =1.0.1, =1.0.0, =1.0.0, =0.2.9, =0.2.19 - 10er10 =0.23.0 - 123ac =1.0.8 - 123acyashu =1.0.8 - 123acyashuac =1.0.8 - 2fatang =1.0.0 and more Source cves: CVE-2020-7769 Source advisory: OSV:GHSA-48WW-J4FC-435P...
Security Bulletin: A security vulnerability in Node.js nodemailer module affects IBM Cloud Automation Manager.
Summary A security vulnerability in Node.js nodemailer module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2020-7769 DESCRIPTION: Nodejs could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation by the recipient email...
Security Bulletin: Version 6.4.6 of Node.js module nodemailer included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability
Summary Security Bulletin: Version 6.4.6 of Node.js module nodemailer included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability Vulnerability Details CVEID: CVE-2020-7769 DESCRIPTION: Nodejs could allow a remote attacker to execute arbitrary commands on the system, caused by...
CVE-2020-7769 Command Injection
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails...
CVE-2020-7769
CVE-2020-7769 affects the Node.js nodemailer package up to version 6.4.16. The vulnerability arises from improper input validation of recipient email addresses in the sendmail transport, allowing a crafted recipient address to inject arbitrary command flags. Documents indicate a high/severe impac...
02112019lab6 (=1.0.0), 03-custom-tian (>=1.0.1 <=1.0.6) +7785 more potentially affected by CVE-2020-7769 via nodemailer (>=6.0.0 <=6.4.15)
nodemailer NPM version =6.0.0, =1.0.1, =1.0.0, =1.0.0, =0.2.9, =1.0.0, =1.0.3 and more Source cves: CVE-2020-7769 Source advisory: SNYK:JS-NODEMAILER-1038834...