The package nodemailer before 6.6.1 is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
References
Link | Resource |
---|---|
https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f | Patch Third Party Advisory |
https://github.com/nodemailer/nodemailer/issues/1289 | Third Party Advisory |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737 | Exploit Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415 | Exploit Patch Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2021-06-29T00:00:00
Updated: 2021-06-29T11:45:11
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23400
NVD Information
Status: Analyzed
Published: 2021-06-29T12:15:08.363
Modified: 2021-07-06T18:48:29.997
Link: CVE-2021-23400