CVE-2021-23400

Published June 29th, 2021

View on NVD ↗

CVSS v3

6.3

MEDIUM

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.

nodemailer/nodemailer

✉️ Send e-mails with Node.JS – easy as cake!

GitHub

17.6K