CVE-2021-21390: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
(updated )
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service.As
a workaround one can avoid using “aws-chunked” encoding-based chunk signature upload requests instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS.
References
Detect and mitigate CVE-2021-21390 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →