nodemailer
js · nodemailerHeads-up
Nodemailer OAuth2 TLS Certificate Verification Disabled
Nodemailer's internal HTTPS fetch client disables TLS certificate verification via rejectUnauthorized: false in lib/fetch/index.
16 Jun 2026 · schedule it
js · nodemailerHeads-up
Nodemailer: Security bypass in jsonTransport and attachDataUrls
Nodemailer's jsonTransport and attachDataUrls paths bypass disableFileAccess and disableUrlAccess security controls, allowing loca
16 Jun 2026 · schedule it
js · nodemailerHeads-up
Nodemailer List-* Header Injection via Unsanitized Comments
Nodemailer's List-* header construction from caller-provided list comments does not sanitize CR/LF characters, allowing header inj
16 Jun 2026 · schedule it