The package nodemailer prior to 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nodemailer nodemailer |