CVE-2021-29462 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Content spoofing
Description	The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1844	libupnp	1.14.5-1	1.14.6-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
29 Apr 2021	ASA-202104-8	AVG-1844	libupnp	High	content spoofing

References
https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4