october/october is vulnerable to host-header injection. The server is configured to accept a wildcard as a hostname and routes the requests regardless of the Host header value. This potentially allows for Host Header injection attacks to succeed and can cause unexpected behavior in the application.
CPE | Name | Operator | Version |
---|---|---|---|
october/october | le | v1.1.1 |