Homepage

nodemailer@6.7.7 vulnerabilities

Easy as cake e-mail sending from your Node.js applications

  • latest version

    7.0.4

  • latest non vulnerable version

    7.0.4

  • first published

    14 years ago

  • latest version published

    1 days ago

  • licenses detected

    • MIT
      >=0.1.1 <3.0.0; >=4.0.0 <6.9.3
  • View nodemailer package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the nodemailer package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Regular Expression Denial of Service (ReDoS)

    nodemailer is an Easy as cake e-mail sending from your Node.js applications

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the attachDataUrls parameter or when parsing attachments with an embedded file. An attacker can exploit this vulnerability by sending a specially crafted email that triggers inefficient regular expression evaluation, leading to excessive consumption of CPU resources.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade nodemailer to version 6.9.9 or higher.

    <6.9.9
    Go back to all versions of this package