[GHSA-ghc4-35x6-crw5] Envoy has RBAC Header Validation Bypass via Multi-Value Header Concatenation

[sekveaja]

Hello,
I notice that Patched version is not aligned between GHSA-ghc4-35x6-crw5 and
GHSA-ghc4-35x6-crw5

[github]

Hi there @phlax! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

[phlax]

@sekveaja i think this does need a fix - but im not sure this pr fixes

not familiar with this json spec - but i think you need to bump all the last_affected fields patch+1

[sekveaja]

@phlax it is the first time I report the discrepancy as an user. I'm not sure where to bump as suggested.

[phlax]

its new to me also - but i think the change needs to happen to last_affected - as suggested above - same file - different fields - updating the timestamp wont do anything afaict