PT-2021-4091 · Unknown · Nodemailer
Adam Williams · Published 2021-05-23 · Updated 2021-12-10
CVE-2021-23400
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Nodemailer versions prior to 6.6.1
Description
The vulnerability stems from insufficient neutralization of newline and carriage return characters in requests, which can lead to HTTP Header Injection. A remote attacker could use this to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability occurs when unsanitized user input that may contain newlines and carriage returns is passed into an address object.
Recommendations
For versions prior to 6.6.1, update to version 6.6.1 or later to resolve the issue. As a temporary workaround, consider sanitizing user input to prevent the inclusion of newline and carriage return characters in address objects. Restrict access to sensitive data and monitor for potential exploitation attempts.
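As an added example (not Nodemailer's own code and not from this advisory), the following validator implements the interim workaround above: it accepts the address shapes Nodemailer takes (a string, a {name, address} object, or an array of either) and fails closed when any name or address field contains a CR or LF. Function names and sample inputs are constructed for illustration.

```javascript
// Added example, not Nodemailer's code: a pre-flight check for the workaround
// described in the advisory. Every string that will end up in an address
// object is checked for CR/LF so an injected header line can never reach the
// message. Function names and sample inputs below are constructed.
const CRLF = /[\r\n]/;

// Returns the value unchanged, or throws if it contains CR or LF.
function assertNoLineBreaks(field, value) {
  if (typeof value === 'string' && CRLF.test(value)) {
    throw new Error(`rejected ${field}: contains CR/LF`);
  }
  return value;
}

// Normalizes one address field to an array of {name, address} objects, with
// every string field checked. Accepts the same shapes Nodemailer accepts.
function sanitizeAddressField(input) {
  const list = Array.isArray(input) ? input : [input];
  return list.map((entry) => {
    if (typeof entry === 'string') {
      return { name: '', address: assertNoLineBreaks('address', entry) };
    }
    return {
      name: assertNoLineBreaks('name', String(entry.name ?? '')),
      address: assertNoLineBreaks('address', String(entry.address ?? '')),
    };
  });
}

// Builds the address-bearing part of the mail options from untrusted form
// input; any injection attempt throws before a transporter is ever touched.
function buildSafeEnvelope(form) {
  return {
    to: sanitizeAddressField(form.to),
    replyTo: sanitizeAddressField(form.replyTo),
  };
}

// Convenience for logging/detection: true when the input would be rejected.
function isInjectionAttempt(form) {
  try { buildSafeEnvelope(form); return false; } catch { return true; }
}

// Constructed sample inputs: one benign, one carrying a CR/LF in the name.
const benignForm = {
  to: 'alice@example.test',
  replyTo: { name: 'Alice', address: 'alice@example.test' },
};
const hostileForm = {
  to: 'alice@example.test',
  replyTo: { name: 'Alice\r\nX-Constructed: 1', address: 'alice@example.test' },
};
```

Run the check before building mail options and log rejections; a rejected submission is a useful signal when monitoring for exploitation attempts as recommended above.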
Weakness Enumeration
Special Elements Injection
Related Identifiers
Affected Products
Nodemailer