CVE-2021-3116: Improper Authorization
(updated )
before_upstream_connection in AuthPlugin in http/proxy/auth.py
in proxy.py accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).
References
Detect and mitigate CVE-2021-3116 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →