CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.
https://github.com/pypa/advisory-database/blob/main/vulns/indico/PYSEC-2021-18.yaml
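The class of bug described above, shown as an added example (not Indico's code and not taken from the advisory): a reset link built from the request's Host header beside one built only from operator configuration, plus a Host check as defence in depth. The function names, the `/reset/` route, `CANONICAL_BASE_URL` and the hostnames are assumptions made for illustration.

```python
from urllib.parse import quote, urlsplit, urlunsplit

# Assumption: the deployment's public URL, set by the operator in configuration.
CANONICAL_BASE_URL = "https://events.example.org"


def reset_link_from_host_header(environ, token):
    """Unsafe pattern: the link's authority is whatever the client sent as Host."""
    scheme = environ.get("wsgi.url_scheme", "https")
    host = environ.get("HTTP_HOST", "")
    return f"{scheme}://{host}/reset/{quote(token, safe='')}"


def reset_link_from_config(token, base_url=CANONICAL_BASE_URL):
    """Hardened pattern: the authority comes only from configuration."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base URL must be an absolute https URL")
    path = parts.path.rstrip("/") + "/reset/" + quote(token, safe="")
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def host_is_canonical(environ, base_url=CANONICAL_BASE_URL):
    """Defence in depth: accept a request only if Host matches the configured one."""
    expected = urlsplit(base_url)
    try:
        got = urlsplit("//" + environ.get("HTTP_HOST", ""))
        got_port = got.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if got.username is not None or got.password is not None:
        return False  # "user@host" forms are never a legitimate Host value
    return (got.hostname == expected.hostname
            and (got_port or 443) == (expected.port or 443))


if __name__ == "__main__":
    # Constructed sample request environment with a Host the server does not own.
    env = {"wsgi.url_scheme": "https", "HTTP_HOST": "attacker.example"}
    print(reset_link_from_host_header(env, "tok123"))
    print(reset_link_from_config("tok123"))
    print(host_is_canonical(env))
```

The same Host restriction is normally also enforced at the reverse proxy, so that requests with an unexpected Host never reach the application.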