Description
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file.
Recommendation
No fix is available yet. Followings are affected versions:
- >= 2.0.0-beta1, <= 2.1.0
References
Related Issues
- Angular Expressions - Remote Code Execution when using locals - CVE-2024-54152
- JSONPath Plus Remote Code Execution (RCE) Vulnerability - CVE-2024-21534
- Nuxt vulnerable to remote code execution via the browser when running the test locally - CVE-2024-34344
- angular-base64-upload vulnerable to unauthenticated remote code execution - CVE-2024-42640
- Tags:
- npm
- maildev
Anything's wrong? Let us know Last updated on March 14, 2025