Filtered by vendor Nodemailer
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23400 | 1 Nodemailer | 1 Nodemailer | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. | |||||
| CVE-2020-7769 | 1 Nodemailer | 1 Nodemailer | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails. | |||||