CVE-2021-30640: Improper Authentication

July 12, 2021 (updated October 27, 2022)

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm.

References

lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2021-30640

Code Behaviors & Features

Detect and mitigate CVE-2021-30640 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →