node-red / node-red-nodes

Extra nodes for Node-RED

[Vulnerability] nodemailer ReDoS when trying to send a specially crafted email. #1051

Closed iAmSKU closed 7 months ago

iAmSKU commented 7 months ago

Which node are you reporting an issue on? node-red-node-email 2.1.0

What are the steps to reproduce? It's a vulnerability

https://github.com/advisories/GHSA-9h6g-pr28-7cqp
https://github.com/nodemailer/nodemailer/releases/tag/v6.9.9

What happens? NA

What do you expect to happen? A ReDoS vulnerability occurs when nodemailer tries to parse img files with the parameter attachDataUrls set, causing the event loop to get stuck.

Please tell us about your environment: