Unknown · Nodemailer · CVE-2021-23400
**Name of the Vulnerable Software and Affected Versions**
Nodemailer versions prior to 6.6.1
**Description**
The issue is related to insufficient neutralization of newline and carriage return characters in requests, which can lead to HTTP Header Injection. This could allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability occurs when unsanitized user input that may contain newlines and carriage returns is passed into an address object.
**Recommendations**
For versions prior to 6.6.1, update to version 6.6.1 or later to resolve the issue. As a temporary workaround, consider sanitizing user input to prevent the inclusion of newline and carriage return characters in address objects. Restrict access to sensitive data and monitor for potential exploitation attempts.
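
One way to apply the temporary workaround is to validate address values before they are handed to the mailer. This is an added example, not Nodemailer's own code or its 6.6.1 fix: the function names and the list of address fields are assumptions made for illustration, and it rejects input containing CR/LF instead of silently stripping it.

```javascript
// Added example (not Nodemailer code): reject CR/LF in address values.
const CRLF = /[\r\n]/;
// Address-bearing message fields checked here (assumed list).
const ADDRESS_FIELDS = ['from', 'sender', 'to', 'cc', 'bcc', 'replyTo'];

function checkString(value, path) {
  if (typeof value !== 'string') {
    throw new TypeError(`${path}: expected a string`);
  }
  if (CRLF.test(value)) {
    throw new Error(`${path}: CR/LF not allowed in address data`);
  }
  return value;
}

// Handles a string, a { name, address } object, or an array of either.
function checkAddress(value, path) {
  if (Array.isArray(value)) {
    return value.map((v, i) => checkAddress(v, `${path}[${i}]`));
  }
  if (value !== null && typeof value === 'object') {
    const out = { address: checkString(value.address, `${path}.address`) };
    if (value.name !== undefined) out.name = checkString(value.name, `${path}.name`);
    return out;
  }
  return checkString(value, path);
}

// Returns a copy of the message with every address field validated.
function validateMessageAddresses(message) {
  const out = { ...message };
  for (const field of ADDRESS_FIELDS) {
    if (message[field] !== undefined) {
      out[field] = checkAddress(message[field], field);
    }
  }
  return out;
}

// Constructed sample input: one clean message, one with CR/LF in a name.
const cleanMessage = {
  from: { name: 'Support', address: 'support@example.com' },
  to: ['alice@example.com', { name: 'Bob', address: 'bob@example.com' }],
  subject: 'Hello',
};
const taintedMessage = {
  from: 'support@example.com',
  to: { name: 'Bob\r\nX-Injected: 1', address: 'bob@example.com' },
};
```

Call `validateMessageAddresses()` on the message options at the point where user input is mapped into them, and treat a thrown error as a rejected request that is worth logging.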