CVE-2025-14874
- EPSS 0.08%
- Veröffentlicht 18.12.2025 08:40:31
- Zuletzt bearbeitet 08.01.2026 03:15:43
A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.
CVE-2025-13033
- EPSS 0.05%
- Veröffentlicht 14.11.2025 19:37:08
- Zuletzt bearbeitet 03.02.2026 22:16:27
A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. Th...
CVE-2021-23400
- EPSS 0.54%
- Veröffentlicht 29.06.2021 12:15:08
- Zuletzt bearbeitet 21.11.2024 05:51:38
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
CVE-2020-7769
- EPSS 0.51%
- Veröffentlicht 12.11.2020 09:15:11
- Zuletzt bearbeitet 21.11.2024 05:37:46
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.