← back
CVE-2021-23400

HTTP Header Injection

CVSS 6.3 MEDIUMEPSS 1.4%
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P
Affected products
n/a · nodemailer

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9fhttps://github.com/nodemailer/nodemailer/issues/1289https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415