I am the author of the advisory below. As of publication, no CVE number has been issued. This post will be updated when a CVE number is issued.
This advisory describes a class of security vulnerabilities that can arise from choices made during HTTP API design and implementation. These vulnerabilities may be used to bypass network security policies and enable data exfiltration or unauthorized API use.