Origin IP address disclosure through Pingora response header

HTTP responses to cached files served by the Pingora proxy revealed Origin IP address information. An attacker could trigger this misbehaviour by crafting a request with a malformed Range header. The attack was successful under conditions where Cloudflare cache was in REVALIDATED state, the incoming request was served by Pingora proxy and the affected server accepted the Range header. The issue was remediated by Cloudflare Engineering team and the leaked information was removed from all responses of the proxy.