CVE-2023-30845

ESPv2 (Google Extensible Service Proxy) versions 2.20.0–2.42.0 are affected by an authentication bypass vulnerability where an attacker can craft a malicious X-HTTP-Method-Override header to bypass JWT authentication when the requested HTTP method is not in the API service definition and the over...