GHSA-rcmh-qjqh-p98v: Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls

December 1, 2025

A DoS can occur that immediately halts the system due to the use of an unsafe function.

References

github.com/advisories/GHSA-rcmh-qjqh-p98v
github.com/nodemailer/nodemailer
github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150
github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v

Code Behaviors & Features

Detect and mitigate GHSA-rcmh-qjqh-p98v with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →