Reported by: Kevin Schaller, Benjamin Lafois, Alexi Bitsios, Sebastian Toscano, Dominik Schneider
Active exploitation of vulnerability: NO
Description: Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.
Which versions patch releases are available for: 1.20
