HTTP Header Injection Vulnerability in Nodemailer Package (before 6.6.1)

HTTP Header Injection Vulnerability in Nodemailer Package (before 6.6.1)

CVE-2021-23400 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.

Learn more about our User Device Pen Test.