Alyssawilk

#30740 of 53,632
8.5 Total CVSS
Vulnerabilities · 1
PT-2023-3901
8.5
2023-07-25
Envoy · Envoy · CVE-2023-35944
**Name of the Vulnerable Software and Affected Versions**

- Envoy versions prior to 1.27.0
- Envoy versions prior to 1.26.4
- Envoy versions prior to 1.25.9
- Envoy versions prior to 1.24.10
- Envoy versions prior to 1.23.12

**Description**

The issue is related to the handling of mixed-case schemes in HTTP/2 by Envoy, an open source edge and service proxy. Some internal scheme checks are case-sensitive, which can lead to the rejection of requests with mixed-case schemes, such as `htTp` or `htTps`, or the bypassing of some requests, like `https` in unencrypted connections. This can potentially allow a remote attacker to access protected data.

**Recommendations**

- For versions prior to 1.27.0, update to version 1.27.0 or later.
- For versions prior to 1.26.4, update to version 1.26.4 or later.
- For versions prior to 1.25.9, update to version 1.25.9 or later.
- For versions prior to 1.24.10, update to version 1.24.10 or later.
- For versions prior to 1.23.12, update to version 1.23.12 or later.