Traefik: Pre-authentication decision bypass due to forwarded alias spoofing

Summary There is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only canonical header names e.g., X-Forwarded-Proto and does not strip or normalize alias variants that...