PT-2024-40224 · Unknown · Nodemailer

Published: 2024-01-31 · Updated: 2024-01-31

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: nodemailer (affected versions not specified)
Description: A ReDoS vulnerability occurs when nodemailer parses image files with the attachDataUrls option set, causing the event loop to become stuck. Another flaw was found when nodemailer parses attachments with an embedded file, which also causes the event loop to become stuck. The issue involves specific regex patterns, including /^data:((?:[^;]*;)*(?:[^,]*)),(.*)$/ and /(<img\b[^>]* src\s*=[\s"']*)(data:([^;]+);[^"'>\s]+)/, and affects functions such as compile, getAttachments, processDataUrl, and convertDataImages. A specially crafted email can trigger this problem, leaving the event loop stuck.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
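One mitigation pattern, added here as an example and not nodemailer's own code: parse a data: URL with a single indexOf scan instead of the first regex quoted above, so an input with a long run of `;` separators and no comma is rejected in linear time rather than retried quadratically. The maxLength guard and the assumption that the first comma separates the header from the payload are this example's own.

```javascript
// Added example (not nodemailer's code). Linear-time replacement for the
// backtracking-prone regex /^data:((?:[^;]*;)*(?:[^,]*)),(.*)$/ quoted in
// the advisory: one indexOf scan, no nested quantifiers to retry.
function parseDataUrl(url, maxLength = 32 * 1024 * 1024) {
  if (typeof url !== 'string' || !url.startsWith('data:')) {
    return null;
  }
  // Defense in depth (assumption of this example): refuse oversized inputs
  // before doing any work, since attachment data URLs come from the email.
  if (url.length > maxLength) {
    return null;
  }
  // The payload begins after the first comma (assumed header/payload
  // separator). The regex's greedy "(?:[^;]*;)*" prefix is what forces the
  // quadratic retry when that comma is missing; here a missing comma is a
  // single failed lookup.
  const comma = url.indexOf(',', 5);
  if (comma === -1) {
    return null;
  }
  const header = url.slice(5, comma); // e.g. "image/png;base64"
  const data = url.slice(comma + 1);
  const params = header.split(';');
  const mediaType = params.shift() || 'text/plain'; // RFC 2397 default
  const base64 = params.includes('base64');
  return { mediaType, base64, data };
}
```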

DoS

Weakness Enumeration

Related Identifiers: GHSA-9H6G-PR28-7CQP

Affected Products: Nodemailer