PT-2021-24466

Published: 2021-09-20 · Updated: 2021-09-20

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Ghost versions prior to 4.15.0
Description: The issue affects sites using the sendmail transport as part of their mail config, making them vulnerable to remote command injection due to a problem in the nodemailer dependency. Ghost defaults to the direct transport, so this is only exploitable if the sendmail transport is explicitly used.
Recommendations: For versions prior to 4.15.0, upgrade to version 4.15.0 as soon as possible. As a temporary workaround, consider using an alternative email transport as described in the documentation.
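As an added defender-side example (not code from Ghost or Nodemailer), the check below audits a Ghost-style mail configuration for the exposure this advisory describes (sendmail transport on a version before 4.15.0) and validates recipient addresses the way a hardened caller of a sendmail-style binary should. The function names, the config shape beyond Ghost's documented `mail.transport` key, and the sample config are assumptions constructed for this example.

```javascript
// Audit helper for the Ghost/Nodemailer sendmail-transport advisory.
// Names and the sample config are constructed for this example; they are
// not Ghost or Nodemailer APIs.

// Compare dotted version strings numerically, e.g. "4.14.0" < "4.15.0".
function versionLess(a, b) {
  const pa = String(a).split('.').map(Number);
  const pb = String(b).split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Return findings for a config object of the form
// { version: "4.x.y", mail: { transport: "direct" | "SMTP" | "sendmail" } }.
// Ghost defaults to "direct", so a missing transport is treated as safe.
// An unknown version is treated as possibly vulnerable (conservative).
function auditMailConfig(config) {
  const findings = [];
  const transport = String((config.mail && config.mail.transport) || 'direct').toLowerCase();
  const vulnerableVersion = versionLess(config.version || '0.0.0', '4.15.0');
  if (transport === 'sendmail' && vulnerableVersion) {
    findings.push('sendmail transport on Ghost < 4.15.0: upgrade to 4.15.0 or switch transport');
  } else if (transport === 'sendmail') {
    findings.push('sendmail transport in use: keep the nodemailer dependency current');
  }
  return findings;
}

// A recipient that will be placed on a sendmail-style command line must look
// like a single mailbox, never like an option or like several argv words.
function isSafeRecipient(addr) {
  if (typeof addr !== 'string' || addr.length === 0 || addr.length > 254) return false;
  if (addr[0] === '-') return false;                 // would be parsed as an option
  if (/[\s\x00-\x1f\x7f]/.test(addr)) return false;  // whitespace / control chars
  return /^[^@]+@[^@]+\.[^@]+$/.test(addr);          // minimal mailbox@domain shape
}

// Constructed sample: a pre-4.15.0 site that explicitly opted into sendmail.
const sampleConfig = { version: '4.14.0', mail: { transport: 'sendmail' } };
console.log(auditMailConfig(sampleConfig));
console.log(isSafeRecipient('editor@example.com'), isSafeRecipient('-x@example.com'));
```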

Weakness Enumeration: Argument Injection

Related Identifiers: GHSA-WFRJ-QQC2-83CM

Affected Products: Ghost, Nodemailer