JavaScript Email Headers Forgery
Description
Detects potential email header injection vulnerabilities in Node.js applications using AWS SES. An attacker could manipulate email headers through unsanitized user input, potentially allowing them to modify email content, recipients, or other email properties in unauthorized ways.
Detection Strategy
• Application must use both Express.js framework and AWS SES SDK (@aws-sdk/client-ses)
• Checks for email-related function calls that handle message headers or content
• Validates if function arguments contain user-controllable input that could be used to inject malicious headers
• Reports vulnerability when email functions receive potentially unsafe input without proper sanitization
Vulnerable code example
import { SESClient, SendEmailCommand } from "@aws-sdk/client-ses";
import express from "express";
const app = express();
app.use(express.json());
const ses = new SESClient({ region: "us-east-1" });
...
✅ Secure code example
import { SESClient, SendEmailCommand } from "@aws-sdk/client-ses";
import express from "express";
const app = express();
app.use(express.json());
const ses = new SESClient({ region: "us-east-1" });
...
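One way to validate request fields before they are placed in the SendEmailCommand input, shown as an added example that is not part of the original page or Fluid Attacks' own code. The request field names (to, subject, text), the fixed sender address, the length limits and all function names are assumptions.

```javascript
// Hypothetical helpers: validate user input before it reaches SES header fields.
const ALLOWED_SOURCE = "no-reply@example.com"; // constructed; sender is fixed server-side

// CR, LF and other control characters let input break out of a header line.
const CONTROL_CHARS = /[\u0000-\u001f\u007f\u0085\u2028\u2029]/;

// Deliberately strict: one plain address, no display name, comma or whitespace.
const ADDRESS = /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

function rejectControlChars(name, value, maxLen) {
  // express.json() can deliver arrays or objects, so check the type first.
  if (typeof value !== "string") throw new TypeError(`${name} must be a string`);
  if (value.length === 0 || value.length > maxLen) throw new RangeError(`${name} length out of range`);
  if (CONTROL_CHARS.test(value)) throw new RangeError(`${name} contains control characters`);
  return value;
}

function validateAddress(value) {
  rejectControlChars("to", value, 254);
  if (!ADDRESS.test(value)) throw new RangeError("to is not a single plain address");
  return value;
}

// Builds the plain object that would be passed to new SendEmailCommand(...).
function buildSendEmailInput(body) {
  const { to, subject, text } = body ?? {};
  // The body may contain newlines; only its type and size are checked here.
  if (typeof text !== "string" || text.length > 10000) throw new RangeError("text invalid");
  return {
    Source: ALLOWED_SOURCE, // never taken from the request
    Destination: { ToAddresses: [validateAddress(to)] },
    Message: {
      Subject: { Data: rejectControlChars("subject", subject, 200), Charset: "UTF-8" },
      Body: { Text: { Data: text, Charset: "UTF-8" } },
    },
  };
}

// For a route handler: 400 on any rejected field, otherwise the SES input.
function checkRequest(body) {
  try {
    return { status: 200, input: buildSendEmailInput(body) };
  } catch (err) {
    return { status: 400, error: err.message };
  }
}
```

In an Express route, call checkRequest(req.body) and only construct the SendEmailCommand when the status is 200.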