CVE-2021-33516

Source
Severity: Medium
Remote: Yes
Type: Information disclosure
Description
An issue was discovered in GUPnP before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tampering, etc.
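
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1985 | gupnp | 1.2.4-1 | 1.2.6-1 | Medium | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 25 May 2021 | ASA-202105-26 | AVG-1985 | gupnp | Medium | information disclosure |
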
References
https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536
https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
https://gitlab.gnome.org/GNOME/gupnp/-/merge_requests/13
https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac