CVE-2021-23400 Information
Jun 07, 2022
cve
Description
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737 https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f https://github.com/nodemailer/nodemailer/issues/1289
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: