invenio-app before 1.1.1 allows host header injection.Referenceshttps://github.com/inveniosoftware/invenio-app/security/advisories/GHSA-94mf-xfg5-r247
