Description
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
Remediation
References
https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737
https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f
https://github.com/nodemailer/nodemailer/issues/1289
Related Vulnerabilities
CVE-2016-10540 Vulnerability in maven package org.webjars.bower:minimatch
CVE-2023-40345 Vulnerability in maven package org.jenkins-ci.plugins:delphix
CVE-2019-15607 Vulnerability in npm package node-red
CVE-2021-46063 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2022-31160 Vulnerability in maven package org.webjars.bower:jquery-ui