---

ASA-202103-5 - log back

ASA-202103-5 edited at 20 Mar 2021 12:15:23
Workaround	- Disabling uploads with `Content-Type: multipart/form-data` as mentioned in the S3 API RESTObjectPOST docs by + Disabling uploads with `Content-Type: multipart/form-data` as mentioned + in the S3 API RESTObjectPOST docs by using a proxy in front of MinIO.

ASA-202103-5 edited at 13 Mar 2021 21:05:40
Workaround	+ Disabling uploads with `Content-Type: multipart/form-data` as mentioned in the S3 API RESTObjectPOST docs by + using a proxy in front of MinIO.
Impact	+ A remote attacker can alter a read-only resource via a temporary share upload URL.

ASA-202103-5 created at 13 Mar 2021 21:03:04