MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file.
{ "cwe_ids": [ "CWE-22", "CWE-352" ], "severity": "CRITICAL", "nvd_published_at": "2024-04-05T06:15:10Z", "github_reviewed_at": "2024-04-05T17:03:37Z", "github_reviewed": true }