CVE-2021-23400

Summary

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.

Affected Software

VendorProductVersion RangeStatus
n/anodemailerunspecified < 6.6.1affected

Weaknesses

  • HTTP Header Injection

ADP Enrichment

CVE Program Container

Additional References

References