nodemailer@6.7.7 vulnerabilities

Easy as cake e-mail sending from your Node.js applications

Direct Vulnerabilities

Known vulnerabilities in the nodemailer package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Regular Expression Denial of Service (ReDoS)

nodemailer is an Easy as cake e-mail sending from your Node.js applications

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the attachDataUrls parameter or when parsing attachments with an embedded file. An attacker can exploit this vulnerability by sending a specially crafted email that triggers inefficient regular expression evaluation, leading to excessive consumption of CPU resources.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade nodemailer to version 6.9.9 or higher.

<6.9.9