mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.
[
{
"cpes": [
"cpe:2.3:a:mjml:mjml:*:*:*:*:*:*:*:*"
],
"vendor": "mjml",
"product": "mjml",
"versions": [
{
"status": "affected",
"version": "3.0.4"
},
{
"status": "affected",
"version": "3.1.0"
}
],
"defaultStatus": "unknown"
}
]