11 matches found
CVE-2026-27492
Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...
CVE-2026-27492
Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...
CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...
CVE-2026-27492
Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...
CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...
CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...
CVE-2026-27492
Lettermint Node.js SDK (npm package lettermint) is vulnerable in versions ≤ 1.5.0 where email properties (to, subject, html, text, attachments) are not reset between sends when a single client instance is reused across multiple .send() calls. This state leakage can cause content or recipient addr...
Exposure of Data Element to Wrong Session
Overview lettermint is an Official Lettermint Node.js SDK Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session via .send calls. An attacker can access sensitive email properties intended for previous recipients when a client instance is used across multipl...
GHSA-49PC-8936-WVFP Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
Impact Email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a previous send to leak into a subsequent one, potentially delivering content or recipient...
Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
Impact Email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a previous send to leak into a subsequent one, potentially delivering content or recipient...
PT-2026-21340
Name of the Vulnerable Software and Affected Versions Lettermint Node.js SDK versions 1.5.0 and below Description The Lettermint Node.js SDK has an issue where email properties to, subject, html, text, and attachments are not reset between calls to the .send function when the same client instance...