invenio-app is vulnerable to host header injection. The vulnerability exists because the application relies only on APP_ALLOWED_HOSTS
to whitelist allowed host headers, so a web server misconfigured to allow requests with any host header leaves it open to the attack.
CPE

Name | Operator | Version |
---|---|---|
invenio-app | eq | 1.1.0 |
invenio-app | le | 1.0.5 |
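
One way to enforce a host allowlist inside the application itself, so that it holds even when the front-end web server forwards any Host header. This is an added example, not invenio-app's code or its fix; `HostAllowlist`, `normalize_host`, `status_for`, `ALLOWED_HOSTS` and the sample hostname are assumptions.

```python
# Added example, not invenio-app code: enforce a Host allowlist in WSGI middleware.
# HostAllowlist, normalize_host and ALLOWED_HOSTS are hypothetical names.
ALLOWED_HOSTS = {"repository.example.org"}  # constructed sample value


def normalize_host(raw):
    """Return the lowercased hostname without port, or None if malformed."""
    if not raw or any(c in raw for c in " \t\r\n/@,\\"):
        return None
    host = raw.lower()
    if host.startswith("["):  # bracketed IPv6 literal such as [::1]:8080
        end = host.find("]")
        if end == -1:
            return None
        host, rest = host[:end + 1], host[end + 1:]
    else:
        host, sep, port = host.partition(":")
        rest = sep + port
    if rest and not (rest[0] == ":" and rest[1:].isdigit()):  # only ":<digits>"
        return None
    return host.rstrip(".") or None


class HostAllowlist:
    """Reject any request whose Host header is not explicitly allowed."""

    def __init__(self, app, allowed_hosts):
        self.app = app
        self.allowed = {h.lower() for h in allowed_hosts}

    def __call__(self, environ, start_response):
        host = normalize_host(environ.get("HTTP_HOST"))
        if host is None or host not in self.allowed:
            body = b"Bad Request: unrecognized Host header\n"
            start_response("400 Bad Request", [("Content-Type", "text/plain"),
                                               ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def status_for(host_header):
    """Send one constructed request through the middleware; return its status."""
    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]
    seen = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "HTTP_HOST": host_header}
    HostAllowlist(app, ALLOWED_HOSTS)(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Rejecting with 400 before the wrapped application runs keeps an unapproved host value out of anything the application later builds from it.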