NextAuth.js Email Misdelivery Vulnerability
Summary
NextAuth.js's email sign-in can be forced to deliver authentication emails to an attacker-controlled mailbox because of a bug in the address parser of nodemailer, which the project uses; the bug is fixed in nodemailer v7.0.7. A crafted input such as: "[email protected]"@victim.com is parsed incorrectly and results i...
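As defense in depth alongside upgrading to nodemailer v7.0.7, an application can refuse sign-in identifiers that are not plain unquoted addresses before they reach any mail library. The following is an added example, not code from NextAuth.js, nodemailer or the advisory. The names `strictEmailIdentifier`, `isAccepted` and `checkSamples` are hypothetical, the sample addresses are constructed, and wiring the function into the Email provider's `normalizeIdentifier` option is an assumption about how an application would use it.

```javascript
// Added example: strict allowlist for sign-in email identifiers.
// strictEmailIdentifier, isAccepted and checkSamples are hypothetical names,
// not NextAuth.js or nodemailer APIs.

// Unquoted "dot-atom" characters only: no double quote, space, comma, angle bracket or parenthesis.
const LOCAL_RE = /^[a-z0-9.!#$%&'*+\/=?^_`{|}~-]+$/;
// One DNS label: letters, digits, inner hyphens, at most 63 characters.
const LABEL_RE = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

function strictEmailIdentifier(input) {
  if (typeof input !== "string") throw new Error("identifier must be a string");
  const value = input.trim().toLowerCase();
  if (value.length === 0 || value.length > 254) throw new Error("invalid length");

  // Exactly one "@", so there is only one way to split local part from domain.
  const parts = value.split("@");
  if (parts.length !== 2) throw new Error("exactly one @ is required");
  const [local, domain] = parts;

  // Quoted local parts, the form used by the crafted input, are rejected here.
  if (local.length === 0 || local.length > 64 || !LOCAL_RE.test(local)) {
    throw new Error("local part must be an unquoted dot-atom");
  }
  if (local.startsWith(".") || local.endsWith(".") || local.includes("..")) {
    throw new Error("misplaced dot in local part");
  }

  // Require a dotted host name made of valid labels.
  const labels = domain.split(".");
  if (labels.length < 2 || !labels.every((label) => LABEL_RE.test(label))) {
    throw new Error("invalid domain");
  }
  return `${local}@${domain}`;
}

// Boolean wrapper for callers that only need accept/reject.
function isAccepted(input) {
  try { strictEmailIdentifier(input); return true; } catch { return false; }
}

// Constructed sample inputs (not taken from the advisory).
function checkSamples() {
  const samples = ["Alice@Example.com", '"attacker@example.org"@victim.example', '"alice"@example.com'];
  return samples.map(isAccepted);
}
```

The check is deliberately stricter than RFC 5322: it rejects some syntactically valid addresses (quoted local parts, single-label hosts) in exchange for an input that every downstream parser splits the same way.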