EPSS Percentile: 43.2%
invenio-app is vulnerable to host header injection. The attack is possible because invenio-app relies only on APP_ALLOWED_HOSTS to whitelist allowed host headers, misconfiguring the web server to allow requests with any host header.
github.com/inveniosoftware/invenio-app/security/advisories/GHSA-94mf-xfg5-r247
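A defence-in-depth sketch of the Host allowlist check described above, written as generic WSGI middleware. This is an added example, not invenio-app's code or its fix; `HostAllowlistMiddleware`, `normalize_host`, `status_for` and the host names are hypothetical, and the requests are constructed.

```python
import re

# Hostname or bracketed IPv6 literal, with an optional port.
_HOST_RE = re.compile(r"^(\[[0-9a-fA-F:.]+\]|[A-Za-z0-9.-]+)(?::\d{1,5})?$")

def normalize_host(value):
    """Lowercased host without port or trailing dot; None if malformed."""
    m = _HOST_RE.match(value.strip()) if value else None
    return m.group(1).lower().rstrip(".") if m else None

class HostAllowlistMiddleware:
    """Answer 400 unless every host-bearing header names an allowed host."""

    def __init__(self, app, allowed_hosts):
        self.app = app
        self.allowed = {h.lower().rstrip(".") for h in allowed_hosts}

    def host_is_allowed(self, environ):
        # Host is mandatory; X-Forwarded-Host is checked only when present.
        # Malformed values (commas, '@', spaces) normalize to None and fail.
        if normalize_host(environ.get("HTTP_HOST")) not in self.allowed:
            return False
        forwarded = environ.get("HTTP_X_FORWARDED_HOST")
        return forwarded is None or normalize_host(forwarded) in self.allowed

    def __call__(self, environ, start_response):
        if self.host_is_allowed(environ):
            return self.app(environ, start_response)
        body = b"Bad Request: untrusted Host header\n"
        start_response("400 Bad Request", [("Content-Type", "text/plain"),
                                           ("Content-Length", str(len(body)))])
        return [body]

def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def status_for(host, forwarded=None, allowed=("repository.example.org",)):
    """Run one constructed request through the middleware; return its status."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if host is not None:
        environ["HTTP_HOST"] = host
    if forwarded is not None:
        environ["HTTP_X_FORWARDED_HOST"] = forwarded
    seen = []
    HostAllowlistMiddleware(demo_app, allowed)(environ, lambda s, h: seen.append(s))
    return seen[0]
```

The same allowlist should also be enforced at the web server or reverse proxy, so that requests with an unexpected Host header never reach the application.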