CVE-2021-23400
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P
Summary
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | nodemailer | unspecified < 6.6.1 | affected |
Weaknesses
- HTTP Header Injection
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737
- https://github.com/nodemailer/nodemailer/issues/1289
- https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f
References
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737
- https://github.com/nodemailer/nodemailer/issues/1289
- https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.