istio/envoy: Authorization bypass via null characters injection in HTTP/1.x
A flaw was found in Envoy version 1.9.0 and older, where Envoy does not reject embedded zero characters NUL, ASCII 0x0 when processing HTTP/1.x header values. This flaw allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules,...