| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Content spoofing |
|
| Description |
| + |
The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later. |
|
| References |
| + |
https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg |
| + |
https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4 |
|
| Notes |
|