GHSA-3329-PJWV-FJPG Hostname spoofing via backslashes in URL
Impact If using affected versions to determine a URL's hostname, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may...