CVE-2019-1020006
CVE-2019-1020006 affects invenio-app prior to 1.1.1 and allows host header injection due to insufficient validation of host headers via APP_ALLOWED_HOSTS. Multiple sources corroborate a host header injection risk in Invenio-App before the patched versions. The Red Hat advisory reiterates the same...