3 matches found
BIT-NIFI-2026-54665 Apache NiFi: Missing Validation for Proxy Host Headers
Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...
Host Header Injection
github.com/zitadel/zitadel is vulnerable to Host Header Injection. The vulnerability is due to improper validation of the Forwarded or X-Forwarded-Host headers when generating password reset links, which allows an attacker to manipulate the link to a malicious domain and capture the reset code,...
Onlook 安全漏洞
Onlook is a source code visual editing tool from the Onlook open source. A security vulnerability exists in Onlook version 0.2.32 that stems from not properly validating the X-Forwarded-Host header value, which could result in a redirect to an arbitrary external website...