[feehi/cms] Feehi CMS host header injection vulnerability may allow attacker to spoof a particular header

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-38796
• https://www.youtube.com/watch?v=k8dp0FJnSsI
• https://github.com/advisories/GHSA-4r4f-jrvw-h727