CVE-2021-33516 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Information disclosure
Description	An issue was discovered in GUPnP before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tampering, etc.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1985	gupnp	1.2.4-1	1.2.6-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
25 May 2021	ASA-202105-26	AVG-1985	gupnp	Medium	information disclosure

References
https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536 https://gitlab.gnome.org/GNOME/gupnp/-/issues/24 https://gitlab.gnome.org/GNOME/gupnp/-/merge_requests/13 https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac

References

https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536
https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
https://gitlab.gnome.org/GNOME/gupnp/-/merge_requests/13
https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac