Vulnerabilities

 2 via 2 paths

Dependencies

 78

Source

 GitHub

Commit

 a1278f18

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
  • 1
Status
  • 2
  • 0
  • 0

high severity
new

Uncontrolled Recursion

  • Vulnerable module: nodemailer
  • Introduced through: nodemailer@6.10.1

Detailed paths

  • Introduced through: express-smtp-mailer@killshot13/express-smtp-mailer#a1278f18fd8020bfff71b7f9e04a2e13b85a6f5a nodemailer@6.10.1
    Remediation: Upgrade to nodemailer@7.0.11.

Overview

nodemailer is an Easy as cake e-mail sending from your Node.js applications

Affected versions of this package are vulnerable to Uncontrolled Recursion in the addressparser function. An attacker can cause the process to terminate immediately by sending an email address header containing deeply nested groups, separated by many :s.

Remediation

Upgrade nodemailer to version 7.0.11 or higher.

References

Uncontrolled Recursion vulnerability report

medium severity

Interpretation Conflict

  • Vulnerable module: nodemailer
  • Introduced through: nodemailer@6.10.1

Detailed paths

  • Introduced through: express-smtp-mailer@killshot13/express-smtp-mailer#a1278f18fd8020bfff71b7f9e04a2e13b85a6f5a nodemailer@6.10.1
    Remediation: Upgrade to nodemailer@7.0.7.

Overview

nodemailer is an Easy as cake e-mail sending from your Node.js applications

Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of quoted local-parts containing @. An attacker can cause emails to be sent to unintended external recipients or bypass domain-based access controls by crafting specially formatted email addresses with quoted local-parts containing the @ character.

Remediation

Upgrade nodemailer to version 7.0.7 or higher.

References

Interpretation Conflict vulnerability report