BIT-ENVOY-2023-27487 Envoy client may fake the header `x-envoy-original-path`
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token JWT checks and forge fake original paths. The header x-envoy-original-path should be an internal header, but...