Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input of the request's Host header. An attacker can manipulate server behavior, potentially leading to cache poisoning, internal network scanning, or session hijacking by sending crafted HTTP requests with malicious Host headers.
Remediation
A fix was pushed into the master branch but not yet published.