Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-33516 - log back

CVE-2021-33516 edited at 24 May 2021 17:08:52

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Information disclosure

Description

+

An issue was discovered in GUPnP before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tampering, etc.

References

+	https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536
+	https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
+	https://gitlab.gnome.org/GNOME/gupnp/-/merge_requests/13
+	https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac

Notes

CVE-2021-33516 created at 24 May 2021 17:06:28