CVE 2021-30185
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.
See the
CVE page on Mitre.org
for more details.
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.