CVE-2021-41106: Insufficient Verification of Data Authenticity

September 28, 2021 (updated October 7, 2021)

The HMAC hashing functions take any string as input and, since users can issue and validate tokens, users are lead to believe that everything works properly.

References

nvd.nist.gov/vuln/detail/CVE-2021-41106

Code Behaviors & Features

Detect and mitigate CVE-2021-41106 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →