Tokenizer vulnerable to client brute-force of token secrets
Impact Authorized clients, having an inject_processor secret, could brute-force the secret token value by abusing the fmt parameter to the Proxy-Tokenizer header. Patches This was fixed in https://github.com/superfly/tokenizer/pull/8 and further mitigated in https://github.com/superfly/tokenizer/pull/9.