CNNVD-202512-3493 Information

CNNVD ID

CNNVD-202512-3493

Related CVE

CVE-2025-14874

• CNNVD Published: 2025-12-18

Description (Chinese)

Nodemailer是Nodemailer团队的一个使用可提供发送邮件功能的 JS 代码库。 Nodemailer存在安全漏洞，该漏洞源于地址解析器中无限递归，可能导致拒绝服务攻击。

Description (English)

Nodemailer is one of the Nodemailer teams using the JS Code Library, which provides sending functions. There is a security loophole in Nodemailer, which stems from an unlimited regression in the address resolver, which could lead to a denial of service attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Nodemailer

Published

2025-12-18

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2025-14874 https://bugzilla.redhat.com/show_bug.cgi?id=2418133 https://github.com/nodemailer/nodemailer https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150 https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v

Patch

https://nodemailer.com/