Описание
Duplicate Advisory: Nodemailer is vulnerable to DoS through Uncontrolled Recursion
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-rcmh-qjqh-p98v. This link is maintained to preserve external references.
Original Description
A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.
Ссылки
- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v
- https://nvd.nist.gov/vuln/detail/CVE-2025-14874
- https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150
- https://access.redhat.com/security/cve/CVE-2025-14874
- https://bugzilla.redhat.com/show_bug.cgi?id=2418133
Пакеты
Наименование
nodemailer
npm
Затронутые версииВерсия исправления
< 7.0.11
7.0.11
5.3 Medium
CVSS3
Дефекты
CWE-674
CWE-703
5.3 Medium
CVSS3
Дефекты
CWE-674
CWE-703