Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2021-23400

Disclosure Date: June 29, 2021 (last updated February 22, 2025)
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-7769

Disclosure Date: November 12, 2020 (last updated February 22, 2025)
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2017-16071

Disclosure Date: June 07, 2018 (last updated November 26, 2024)
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
0
0
Attacker Value
Unknown

CVE-2017-16072

Disclosure Date: June 07, 2018 (last updated November 26, 2024)
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
0
0