nodemailer@6.7.7 vulnerabilities

Easy as cake e-mail sending from your Node.js applications

  • latest version

    7.0.4

  • latest non vulnerable version

  • first published

    14 years ago

  • latest version published

    1 days ago

  • licenses detected

    • >=0.1.1 <3.0.0; >=4.0.0 <6.9.3
  • Direct Vulnerabilities

    Known vulnerabilities in the nodemailer package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Regular Expression Denial of Service (ReDoS)

    nodemailer is an Easy as cake e-mail sending from your Node.js applications

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the attachDataUrls parameter or when parsing attachments with an embedded file. An attacker can exploit this vulnerability by sending a specially crafted email that triggers inefficient regular expression evaluation, leading to excessive consumption of CPU resources.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade nodemailer to version 6.9.9 or higher.

    <6.9.9