PT-2020-13231 · Code42 · Code42

Published 2020-07-07 · Updated 2021-07-21 · CVE-2020-12736

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Code42 versions 7.0.4 and earlier

Description: The issue allows for possible remote code execution when an administrator creates a local user via a Code42-generated email and modifies the email invitation content. If the administrator enters template language code in the subject line, it could be interpreted by the email generation services, potentially resulting in server-side code injection.

Recommendations: For versions 7.0.4 and earlier, consider disabling the email invitation feature for local user creation until a patch is available. Restrict access to the email generation services to minimize the risk of exploitation. Avoid using template language code in the subject line of email invitations to prevent potential server-side code injection.
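The defect pattern behind this advisory, as an added example that is not Code42's code: the advisory does not name the email template engine, so Python's string.Template stands in for it, and every context value and marker list below is constructed. It shows the administrator-edited subject being used as the template itself, beside the hardened form that passes the subject in as data, plus a validation check that flags template syntax in edited content.

```python
# Added illustration of CVE-2020-12736's pattern; not Code42 code.
# string.Template is a stand-in for the (unnamed) email template engine.
from string import Template

# Constructed: values the email generation service has in scope when it
# renders an invitation. The token models a value that must never be
# exposed to whatever controls the template text.
INVITE_CONTEXT = {
    "org_name": "Example Org",
    "invite_url": "https://console.example.invalid/invite/abc123",
    "api_token": "CONSTRUCTED-SECRET-TOKEN",
}


def render_subject_unsafe(admin_subject: str) -> str:
    """Vulnerable pattern: the administrator-edited subject is fed to the
    template engine as the template, so any template syntax it contains
    is evaluated server-side against INVITE_CONTEXT."""
    return Template(admin_subject).safe_substitute(INVITE_CONTEXT)


def render_subject_safe(admin_subject: str) -> str:
    """Hardened pattern: the subject is passed as data into a fixed
    template. Substitution is single-pass, so the subject's content is
    never parsed as template code."""
    fixed = Template("[$org_name] $subject")
    return fixed.substitute(org_name=INVITE_CONTEXT["org_name"],
                            subject=admin_subject)


# Constructed list of delimiters used by common server-side template
# languages; useful as a validation or logging check on edited content.
TEMPLATE_MARKERS = ("${", "{{", "{%", "<#", "#{", "<%")


def contains_template_markup(text: str) -> bool:
    """Return True when the text carries syntax a template engine might
    interpret, so the edit can be rejected or flagged for review."""
    return any(marker in text for marker in TEMPLATE_MARKERS)
```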

Fix

Special Elements Injection


Weakness Enumeration

Related Identifiers

CVE-2020-12736

Affected Products

Code42