This affects the package nodemailer prior to 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nodemailer nodemailer |