CVE-2021-23400

Injection Vulnerability in npm/nodemailer

Identifier

CVE-2021-23400

Package Slug

npm/nodemailer

Vulnerability

Injection Vulnerability

Description

The package nodemailer is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.

Affected Versions

All versions before 6.6.1

Solution

Upgrade to version 6.6.1 or above.

Last Modified

2021-07-08

source