EPSS
Percentile
40.1%
Lynx has changeable host values. It doesn’t parse the authority component of the URL when the url ends with ?. Using this flaw, attackers can trick the application into connecting to a different host value.
?
www.openwall.com/lists/oss-security/2016/11/03/4