invenio-app@1.0.4 vulnerabilities

WSGI, Celery and CLI applications for Invenio flavours.

Direct Vulnerabilities

Known vulnerabilities in the invenio-app package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Host Header Injection

invenio-app provides WSGI, Celery and CLI applications for Invenio flavours.

Affected versions of this package are vulnerable to Host Header Injection because the APP_ALLOWED_HOSTS setting is not always checked.

How to fix Host Header Injection?

Upgrade invenio-app to version 1.0.6, 1.1.1 or higher.

Vulnerable versions: [,1.0.6) [1.1.0,1.1.1)