Remote command injection when using sendmail email transport

GHSA-wfrj-qqc2-83cm

Published Sep 20, 2021 · Modified Sep 17, 2021

Description

Impact

Sites using the sendmail transport as part of their mail config are vulnerable to remote command injection due to a vulnerability in the nodemailer dependency.

Ghost defaults to the direct transport so this is only exploitable if the sendmail transport is explicitly used.

Patches

Fixed in 4.15.0, all sites should upgrade as soon as possible.

Workarounds

Use an alternative email transport as described in the docs.

For more information

If you have any questions or comments about this advisory:

email us at security@ghost.org

References

WEB https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
WEB https://github.com/TryGhost/Ghost/commit/93e4b2eafd18bc8e4c17924e0824e73617e7940c
PACKAGE https://github.com/TryGhost/Ghost
ADVISORY https://github.com/advisories/GHSA-48ww-j4fc-435p

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes