[CRITICAL] Object injection via local phar file

PKSA-1pdn-z57v-5nzg CVE-2020-36326 GHSA-m298-fh5c-jc66

Affected package: phpmailer/phpmailer

Affected version: >=6.1.8,<6.4.1

Reported by:
GitHub, FriendsOfPHP/security-advisories