MediaCrush Host Header Injection Vulnerability in Header Handler Component

Vulnerability

A vulnerability exists in MediaCrush versions 1.0.0 and 1.0.1, specifically within the Header Handler component. The issue arises in the file 'mediacrush/paths.py', where the application improperly validates the Host header in incoming HTTP requests. This flaw allows remote attackers to manipulate the Host header, leading to various potential exploits such as cache poisoning, unauthorized password reset link manipulation, and other attacks that exploit Host header vulnerabilities.

Impact

Exploitation of this vulnerability allows for improper neutralization of HTTP headers, creating opportunities for cache poisoning, manipulation of password reset links, and other Host header-related attacks.

Added: Dec 1, 2025, 3:18 AM

Updated: Dec 1, 2025, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

8.4

remediation

0.0

relevance

1.2

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

8.4

remediation

0.0

relevance

1.2

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MediaCrush Host Header Injection Vulnerability in Header Handler Component

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating