CVE-2021-23400

HTTP Header Injection

CVSS 6.3 MEDIUMEPSS 1.4%

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P

Produtos afetados

n/a · nodemailer

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f https://github.com/nodemailer/nodemailer/issues/1289 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737 https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415