CVE-2021-23400

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt