https://www.systemtek.co.uk/2019/05/envoy-normalized-http-url-paths-access-control-bypass-vulnerability-cve-2019-9901/
Envoy Normalized HTTP URL Paths Access Control Bypass Vulnerability [CVE-2019-9901]