github.com/istio/api is vulnerable to authorization bypass. The vulnerability exists as Istio improperly handles forwarded attributes, allowing it to accept x-istio-attributes
header during ingress. When used with the Mixer Policy enabled, it can result in different policy decisions.