CVE-2022-22691: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
(updated )
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL.See the AppCheck advisory for further information and associated caveats.
References
Detect and mitigate CVE-2022-22691 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →