UBUNTU-CVE-2021-23400

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-23400

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-23400.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-23400

Upstream

CVE-2021-23400

Published

2021-06-29T12:15:00Z

Modified

2025-10-24T04:50:08Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.

References

Affected packages

Ubuntu:20.04:LTS / node-nodemailer

Package

Name: node-nodemailer
Purl: pkg:deb/ubuntu/node-nodemailer@6.4.5-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.3.0-2

6.3.1-1

6.4.0-1

6.4.1-1

6.4.2-1

6.4.5-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "node-nodemailer",
            "binary_version": "6.4.5-1"
        }
    ]
}

Ubuntu:22.04:LTS / node-nodemailer

Package

Name: node-nodemailer
Purl: pkg:deb/ubuntu/node-nodemailer@6.7.1+~6.4.4-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.17-3

6.7.0-1

6.7.0-2

6.7.1+~6.4.4-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "node-nodemailer",
            "binary_version": "6.7.1+~6.4.4-1"
        }
    ]
}