nodemailer@9.0.0

Easy as cake e-mail sending from your Node.js applications

  • latest version

    9.0.3

  • latest non vulnerable version

  • first published

    15 years ago

  • latest version published

    4 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the nodemailer package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Server-side Request Forgery (SSRF)

    nodemailer is a package for easy as cake e-mail sending from your Node.js applications.

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the message-level raw option bypassing disableFileAccess and disableUrlAccess flags. An attacker can access arbitrary local files or perform server-side request forgery by supplying crafted input to the raw field, which bypasses intended access restrictions and results in sensitive data being sent to an attacker-controlled recipient.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade nodemailer to version 9.0.1 or higher.

    <9.0.1
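
    Upgrading is the fix. As defense in depth for code that builds mail options from untrusted input, the sketch below (an added example, not code from nodemailer or from this advisory) rejects any raw value that is not inline content before the options reach the mailer. The function names are hypothetical, and it assumes raw can be an attachment-like object whose path or href makes the library read a file or fetch a URL; it also checks raw on nested attachments and alternatives, which goes beyond the message-level case described above.

```javascript
// Added example: pre-flight guard for mail options built from untrusted input.
// Assumption: `raw` may be a string, a Buffer, or an attachment-like object
// whose `path` / `href` causes a local file read or an outbound HTTP request.
// The guard is deliberately stricter than the library: only inline content passes.

const NESTED_KEYS = ['attachments', 'alternatives']; // nodes that may carry their own `raw`

function isInlineContent(value) {
  return typeof value === 'string' || Buffer.isBuffer(value);
}

// Returns a list of findings; an empty list means no `raw` source can
// touch the file system or the network.
function findUnsafeRaw(mail, where = 'message') {
  const findings = [];
  if (mail === null || typeof mail !== 'object') return findings;

  const raw = mail.raw;
  if (raw !== undefined && raw !== null && !isInlineContent(raw)) {
    if (typeof raw === 'object' && 'path' in raw) {
      findings.push(`${where}.raw references a file path`);
    } else if (typeof raw === 'object' && 'href' in raw) {
      findings.push(`${where}.raw references a URL`);
    } else {
      findings.push(`${where}.raw is not inline content`);
    }
  }

  // Recurse into nested nodes so a `raw` hidden in an attachment is also seen.
  for (const key of NESTED_KEYS) {
    const list = Array.isArray(mail[key]) ? mail[key] : [];
    list.forEach((node, i) => {
      findings.push(...findUnsafeRaw(node, `${where}.${key}[${i}]`));
    });
  }
  return findings;
}

// Throws instead of returning findings; call it right before handing the
// options to the mailer.
function assertSafeMail(mail) {
  const findings = findUnsafeRaw(mail);
  if (findings.length > 0) {
    throw new Error('rejected mail options: ' + findings.join('; '));
  }
  return mail;
}
```

    Run assertSafeMail on the options object at the trust boundary, and log the thrown message: a rejected path or href in raw from user-controlled input is worth an alert.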