Vulnerabilities

 2 via 2 paths

Dependencies

 2

Source

 GitHub

Commit

 1faf6949

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
  • 1
Status
  • 2
  • 0
  • 0

high severity
new

Uncontrolled Recursion

  • Vulnerable module: nodemailer
  • Introduced through: nodemailer@6.10.1

Detailed paths

  • Introduced through: gmail-send@alykoshin/gmail-send#1faf69492a31464def919b00844320d9a6927a23 nodemailer@6.10.1
    Remediation: Upgrade to nodemailer@7.0.11.

Overview

nodemailer is an Easy as cake e-mail sending from your Node.js applications

Affected versions of this package are vulnerable to Uncontrolled Recursion in the addressparser function. An attacker can cause the process to terminate immediately by sending an email address header containing deeply nested groups, separated by many :s.

Remediation

Upgrade nodemailer to version 7.0.11 or higher.

References

Uncontrolled Recursion vulnerability report

medium severity

Interpretation Conflict

  • Vulnerable module: nodemailer
  • Introduced through: nodemailer@6.10.1

Detailed paths

  • Introduced through: gmail-send@alykoshin/gmail-send#1faf69492a31464def919b00844320d9a6927a23 nodemailer@6.10.1
    Remediation: Upgrade to nodemailer@7.0.7.

Overview

nodemailer is an Easy as cake e-mail sending from your Node.js applications

Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of quoted local-parts containing @. An attacker can cause emails to be sent to unintended external recipients or bypass domain-based access controls by crafting specially formatted email addresses with quoted local-parts containing the @ character.

Remediation

Upgrade nodemailer to version 7.0.7 or higher.

References

Interpretation Conflict vulnerability report