CVE-2018-8014: Insecure Default Initialization of Resource
(updated )
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable supportsCredentials
for all origins.
References
Detect and mitigate CVE-2018-8014 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →