CVE-2021-25329: Uncontrolled Resource Consumption

March 1, 2021 (updated November 9, 2023)

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

References

nvd.nist.gov/vuln/detail/CVE-2021-25329

Detect and mitigate CVE-2021-25329 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →