Filtered by vendor Nodemailer Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-23400 1 Nodemailer 1 Nodemailer 2024-11-21 6.3 Medium
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
CVE-2020-7769 1 Nodemailer 1 Nodemailer 2024-11-21 8.6 High
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.