CVE-2021-21390

Improper Enforcement of Message Integrity During Transmission in a Communication Channel in go/github.com/minio/minio

Identifier

CVE-2021-21390

Package Slug

go/github.com/minio/minio

Vulnerability

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Description

MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service.As a workaround one can avoid using "aws-chunked" encoding-based chunk signature upload requests instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS.

Affected Versions

All versions before v0.0.0-20210316203340-e197800f9055

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-03-26

source