CVE-2021-21390: Improper Enforcement of Message Integrity During Transmission in a Communication Channel

March 19, 2021 (updated March 25, 2021)

MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service.As a workaround one can avoid using “aws-chunked” encoding-based chunk signature upload requests instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS.

References

nvd.nist.gov/vuln/detail/CVE-2021-21390

Code Behaviors & Features

Detect and mitigate CVE-2021-21390 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →