12 matches found
EUVD-2019-0061
Malware in sbrugna...
CVE-2019-1020006
invenio-app before 1.1.1 allows host header injection...
Host Header Injection
invenio-app is vulnerable to host header injection. The attack exists because it only relies on APP_ALLOWED_HOSTS to whitelist allowed host headers, misconfiguring the web server to allow requests with any host header...
CVE-2019-1020006
invenio-app before 1.1.1 allows host header injection...
CVE-2019-1020006
invenio-app before 1.1.1 allows host header injection...
invenio (>=3.0.0 <=3.1.0.dev20181106) potentially affected by CVE-2019-1020006 via invenio-app (=1.0.6)
invenio-app PYPI version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on invenio-app and may be impacted: invenio =3.0.0, =3.1.0.dev20181106. Source CVEs: CVE-2019-1020006. Source advisory: OSV:PYSEC-2019-24...
PYSEC-2019-24
invenio-app before 1.1.1 allows host header injection...
PYSEC-2019-24
invenio-app before 1.1.1 allows host header injection...
PYSEC-2019-94
invenio-app before 1.1.1 allows host header injection...
CVE-2019-1020006
invenio-app before 1.1.1 allows host header injection...
CVE-2019-1020006
CVE-2019-1020006 affects invenio-app prior to 1.1.1 and allows host header injection due to insufficient validation of host headers via APP_ALLOWED_HOSTS. Multiple sources corroborate a host header injection risk in Invenio-App before the patched versions. The Red Hat advisory reiterates the same...
GHSA-94MF-XFG5-R247 Invenio-App vulnerable to host header injection attack
APP_ALLOWED_HOSTS not always preventing host header injection. Impact: A possible host header injection attack has been identified in Invenio-App. For an attack to be possible, all conditions below must be met: 1. Your webserver must have been configured to route all requests to your application. 2...