Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7769 | 1 Nodemailer | 1 Nodemailer | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails. | |||||
CVE-2021-23400 | 1 Nodemailer | 1 Nodemailer | 2021-07-06 | 6.8 MEDIUM | 8.8 HIGH |
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. |