2 matches found
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection via unvalidated flag arguments in IMAP commands. A user can execute arbitrary IMAP commands by injecting CRLF sequences through crafted Symbol inputs. Remediation Upgrade net-imap to version 0.4.24, 0.5.14, 0.6.4 or highe...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS through the response parser which uses Rangetoa to convert the uid-set data into arrays of integers, without limitations on the expanded size of the ranges. Details Denial of Service DoS describes a family of...