npm audit vulnerability

MateMalice / mail-listener2

Mail listener library for node.js. Get notification when new email arrived.

Other

9 stars 7 forks source link

npm audit vulnerability #36

Closed alex737876 closed 1 year ago

alex737876 commented 2 years ago

Running npm audit on a project using mail-listener2, gives following hint:

alex737876 commented 2 years ago

nodemailer <=6.6.0 Severity: critical Header injection in nodemailer - https://github.com/advisories/GHSA-hwqf-gcqm-7353 Command injection in nodemailer - https://github.com/advisories/GHSA-48ww-j4fc-435p No fix available node_modules/nodemailer mailparser 2.3.1 - 3.2.0 Depends on vulnerable versions of nodemailer node_modules/mailparser mail-listener5 * Depends on vulnerable versions of mailparser node_modules/mail-listener5

MateMalice commented 1 year ago

Fixed in v2.1.1.