Ghost

mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-26 20:34:02 +03:00

History

Daniel Lockyer 93e4b2eafd 🔒 Fixed remote command injection when using `sendmail` email transport refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm refs https://github.com/advisories/GHSA-48ww-j4fc-435p - a vulnerability in `nodemailer` means that the `sendmail` transport is vulnerable to command injection for flags passed to the `sendmail` binary - updating to the latest version of Nodemailer required creating `@tryghost/nodemailer`, which is a wrapper around Nodemailer and several plugins that used to be in the core - this commit switches to using that package, and fixes up some small code + test changes	2021-09-17 16:46:51 +01:00
..
GhostMailer.test.js	🔒 Fixed remote command injection when using `sendmail` email transport	2021-09-17 16:46:51 +01:00
utils.test.js	🔒 Fixed remote command injection when using `sendmail` email transport	2021-09-17 16:46:51 +01:00

Daniel Lockyer 93e4b2eafd 🔒 Fixed remote command injection when using sendmail email transport

refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p

- a vulnerability in `nodemailer` means that the `sendmail` transport is
  vulnerable to command injection for flags passed to the `sendmail`
  binary
- updating to the latest version of Nodemailer required creating
  `@tryghost/nodemailer`, which is a wrapper around Nodemailer and
  several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
  code + test changes

2021-09-17 16:46:51 +01:00

GhostMailer.test.js 🔒 Fixed remote command injection when using sendmail email transport 2021-09-17 16:46:51 +01:00

utils.test.js 🔒 Fixed remote command injection when using sendmail email transport 2021-09-17 16:46:51 +01:00