DEBIAN-CVE-2021-23400

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2021-23400
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-23400.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2021-23400
Upstream
Published
2021-06-29T12:15:08.363Z
Modified
2025-11-19T01:01:58.025627Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.

References

Affected packages

Debian:11 / node-nodemailer

Package

Name
node-nodemailer
Purl
pkg:deb/debian/node-nodemailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.17-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / node-nodemailer

Package

Name
node-nodemailer
Purl
pkg:deb/debian/node-nodemailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.17-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / node-nodemailer

Package

Name
node-nodemailer
Purl
pkg:deb/debian/node-nodemailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.17-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / node-nodemailer

Package

Name
node-nodemailer
Purl
pkg:deb/debian/node-nodemailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.17-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}