CVE-2021-21362: Improper Authorization

March 8, 2021 (updated October 21, 2022)

MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. As a workaround, one can disable uploads with a Content-Type of multipart/form-data as mentioned in the S3 API RESTObjectPOST docs by using a proxy in front of MinIO.

References

nvd.nist.gov/vuln/detail/CVE-2021-21362

Code Behaviors & Features

Detect and mitigate CVE-2021-21362 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →