BIT-minio-2022-31028

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/minio/BIT-minio-2022-31028.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-minio-2022-31028
Aliases
Published
2024-03-06T10:57:16.966Z
Modified
2025-04-03T14:40:37.652Z
Summary
[none]
Details

MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections. Public-facing MinIO deployments are most affected. Users should upgrade to RELEASE.2022-06-02T02-11-04Z to receive a patch. One possible workaround is to use a reverse proxy to limit the number of connections being attempted in front of MinIO, and actively rejecting connections from such malicious clients.

Database specific
{
    "cpes": [
        "cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / minio

Package

Name
minio
Purl
pkg:bitnami/minio

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
2019.09.25
Fixed
2022.06.02