You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Authorized clients, having an inject_processor secret, could brute-force the secret token value by abusing the fmt parameter to the Proxy-Tokenizer header.
Impact
Authorized clients, having an
inject_processorsecret, could brute-force the secret token value by abusing thefmtparameter to theProxy-Tokenizerheader.Patches
This was fixed in #8 and further mitigated in #9.